12 things you need to know about software-as-a-service

Software-as-a-service will probably save you money and lead to faster implementation, but it's still not always a no-brainer.

Page  18. 


Overcoming  agent  software  overload 

Security,  management  vendors  challenged  to  address  issues. 

Page 30.

The regulatory dance

With so many state, federal and even international regulations on the books, how does a security manager prepare for auditors? Find out. Page 10.


Behind  the  scenes 
at  eBay 

Computing  guru  Paul 
Strong  shares  online 
auctioneer's  outlook 
on  next-gen  data 
centers.  Page  14. 


Massive  server 
consolidation 

IBM said it will consolidate nearly 4,000 PC servers onto mainframes running Linux in a move that will save the company $250 million. Page 16.


Network World's 2007 IT Roadmap Conference & Expo tour stops in Dallas on Sept. 6 before heading to Washington, D.C. Register at www.nwdocfinder.com/9837

The case of the great hot-site swap

BY  JOHN  COX 

A Maine college and a California university are reaching across the continent to share hardware and software in a joint disaster-recovery effort that could be a model not just for other schools but also for businesses.

You can think of it as the lobster and sushi project.

Besides creating recovery sites at each other’s campuses, the network staffs at Bowdoin College in Brunswick, Maine, and Loyola Marymount University (LMU) in Los Angeles also are creating a set of practices that can guide other cooperative IT ventures between different organizations.

Two identical recovery sites, based on blade servers and VMware’s virtual server software, are being assembled on each campus, linked to the Internet with a secure VPN connection over a 30Mbps link. Each campus will host and manage hardware and software bought by the other institution. If a disaster or outage hits either school, the hosting campus will initialize the other’s hot site and run it for the duration of the emergency. IT staff on the stricken campus will access what is in effect

See Recovery, page 42


August  6,  2007  ■  Volume  24,  Number  30 




Philadelphia rolls out megamunicipal Wi-Fi mesh network

EarthLink gets green light to blanket 135 square miles with Wi-Fi coverage. Page 32

Wireless mesh deployment moving at rapid pace, despite challenges. Page 34

Cheese steak, Liberty Bell, Wi-Fi: EarthLink launches marketing blitz. Page 38

Low-cost Wi-Fi offered to city’s poorest residents. Page 41

Video: Twisted Pair Keith Shaw and Jason Meserve take you on a virtual tour of Philadelphia’s Wi-Fi hot spots. Go to www.nwdocfinder.com/9823.

Chime in: If you're in Philly, log onto the EarthLink service and share your experience. Go to www.nwdocfinder.com/9822
COOL

■ Keith Shaw checks out the coverage and usage of Philadelphia’s citywide Wi-Fi rollout. See Cool Tools, page 28.
GOODBADUGLY

Sun surprises

Sun Microsystems has reported a swing to a fourth-quarter profit after a loss last year on essentially flat revenue. Sun posted net income of $329 million on revenue of $3.8 billion in the three months ended June 30, reversing a loss of $301 million in its fiscal fourth quarter of 2006. The company credited cost-cutting for part of its swing to profitability. Sun trimmed $487 million in expenses in the fourth quarter.

Waiting for Wi-Fi in San Fran

The next crucial votes on San Francisco's municipal Wi-Fi proposal will be delayed until next month while chosen contractor EarthLink becomes increasingly skittish about building wireless networks for cities. After a request by EarthLink, city officials plan to push back votes well into September.

Beware Homer Simpson in his underwear

Spammers are jumping on the success of "The Simpsons Movie" to trick e-mail users into validating their addresses, so they then can send them more spam. Since the movie opened on July 27, spammers have been sending messages with an embedded picture of Homer Simpson in his underwear.


PEERSAY

“Where can the average intelligent adult find beginner-level computer information presented in a logical, step-by-step fashion?”

Editor's note: Continue the discussions online. Use the DocFinder URL after each writer’s name to join the discussions in which they originally posted their comments.

Computer literacy is hard

I read the letter from Mr. Steve Margison (www.nwdocfinder.com/9838) with great interest, especially this line: “We have a country heavily dependent on computers, and just as totally illiterate.”

I think he’s right but my question is, what can we do about it? My own story may illustrate the problem that many people have educating themselves about computers.

After 18 years as a full-time homemaker, in January of this year I was fortunate enough to get a part-time job offer that involved (among other things) looking after a small number of computers used by adult continuing education students. In the busy whirl of being an at-home wife and mother, much of the computer revolution had passed me by although I knew how to e-mail and how to buy things online. But I needed to know how to download software and monitor the computers. So I immediately went to the library, the bookstore and online to find out everything I could.

Mr. Margison might be surprised to know that all of the books, even the well-known ones, assumed a level of knowledge I didn’t have. Diodes . . . software platforms . . . networks . . . [were] all referred to early on with little or no explanation. So I got my hands on some textbooks used to teach technology to adults, but once again they seemed to be written for someone who already knows what a server is and how it works (for example). The courses available at a local community college were all very application-specific; I didn’t need that. I wanted to know how it all worked, how it all fit together. Online, the courses were expensive and out of date. Dictionaries were contradictory and confusing.

I finally made progress by fixing on a concept and reviewing it across all the different sources: books, online, Wikipedia and bugging friendly types in the IT department. But it is a patchwork process.

So my question to Mr. Margison and to anyone who is interested in computer literacy is this: Where can the average intelligent adult find beginner level computer information presented in a logical, step-by-step fashion? A source that assumes the reader knows very little to nothing about computer technology? And if the graphics actually illustrated the concept under discussion, that would be a dream come true.

Once that is available you’d be surprised how many people would want it. I know I still do.

Lisa Tate
Houston, TX
www.nwdocfinder.com/9839

P2P: What is it good for?

Re: IM attacks up nearly 80%, Akonix says (www.nwdocfinder.com/9840). What company needs to allow programs like Limewire, Kazaa, ShareBear or any of the other P2P programs? Why not just block all P2P traffic and let people infect their systems at home if they want illegal music or file downloads?

Anybody have a legitimate use for P2P in an office environment?

Thomas J. Raef
www.nwdocfinder.com/9841

Don’t call it forensics

Re: A push to standards for network forensics (www.nwdocfinder.com/9842). The security world appears to have co-opted the use of the term “forensics” for its own purposes. “Forensics” is a legal process, not a technical process. Few corporate IS shops concern themselves with ensuring that evidence gathered is preserved to be presentable in a court of law; in fact, the first priority is to contain the threat, which, by definition, implies the alteration or even destruction of potential legal evidence.

As a digital forensics specialist whose primary focus is evidence collection, analysis and presentation for legal purposes, I’d prefer to call “network forensics” what it really is: incident response.

Anonymous
www.nwdocfinder.com/9843

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 118 Turnpike Road, Southborough, MA 01772. Please include phone number and address for verification.
INTERVIEWS, THE COOLEST TOOLS AND MORE

COOL TOOLS: Phinding Philly Wi-Fi

Program Director Keith Shaw hits the road to check out Philadelphia's new, citywide Wi-Fi coverage. Can he really connect anywhere in the City of Brotherly Love?
www.nwdocfinder.com/9823

PANORAMA PODCAST: Stop phishing faster

Laura Mather explains the steps companies can take to shut down sites quickly and when and how to get law enforcement involved.
www.nwdocfinder.com/9850

TWISTED PAIR: Elton John gets old

Multimedia Editor Jason Meserve and Shaw discuss new flaws in Mozilla, the $50-billion government contract for IBM and AT&T, and figure out why Elton John might not want to shut down the Internet.
www.nwdocfinder.com/9851


■ Cisco’s lame reaction to Google’s wireless bid. Cisco Subnet blogger Brad Reese blasts Cisco’s top Washington, D.C., counsel for her “lame” thoughts about Google's bid for the 700MHz spectrum auction. He writes: “Mary L. Brown — former in-house counsel for prebankrupt and scandal-plagued MCI — is leading the Cisco effort as the Washington, D.C.-based director of technology and spectrum policy. In a woefully embarrassing, lazy and just downright lame entry on the Cisco High Tech Policy Blog, Brown has thoroughly convinced me that Google deserves to win this match.” www.nwdocfinder.com/9824

■ Notebooks and native hard-drive encryption. Seagate, ASI Computer Technologies and Wave Systems created the C8015 notebook with native hard-drive encryption, writes Keith Shaw in his Cool Tools blog: “If the notebook is lost or stolen, no worries — the data is encrypted on the hard drive, and there’s no way to access the data without the user’s password (no back doors, recovery tools or services available to retrieve it). A few weeks ago, Seagate sent me the C8015.” In his review he finds that configuring the encryption was easy, but the notebook’s password protection scheme performed in odd ways. www.nwdocfinder.com/9825

■ Microsoft’s identity management platform. Microsoft Subnet blogger Tyson Kopczynski has been granted a preview of Microsoft’s Certificate Lifecycle Manager. And guess what? He likes it. In the first of a two-part blog entry, he cites the good things about CLM: “I think that purchasing Alacris (idNexus), rebranding it CLM and then tying into Identity Lifecycle Manager was the right step for Microsoft. After all, digital certificates are a cornerstone to representing a person’s identity within an organization. And from a functional standpoint, Windows Certificate Services has always lacked an easy method for managing a certificate’s ‘life cycle.’” www.nwdocfinder.com/9826

■ Witty videos reveal security challenges. Layer 8 has found a source for clever videos that remind users to make security Job 1: “That’s at least part of the message delivered by the six winners announced today of a computer security-awareness video contest, as part of a national campaign to raise awareness of and increase computer security awareness.” www.nwdocfinder.com/9827

BEST OF NW’S NEWSLETTERS

Optimize the WAN and your career

Plus: NAC challenges

Wide area networking: As recently as a few years ago, it was difficult to find a company that was concerned with application delivery, but now that’s a top priority for the vast majority of businesses. Because of this, the Wide Area Networking newsletter has covered this issue extensively. One perspective we haven’t examined is the impact of application delivery on our careers. There is no doubt that a company couldn’t function without the WAN, but it also couldn’t function without electricity. That doesn’t mean that the company’s senior business managers believe that electricity provides direct business benefit. They know they need it, and they just expect it to be there. In many cases, the same thing applies to the WAN. The difference is that many senior business managers would rather have a conversation about electricity than about MPLS or other WAN technologies. www.nwdocfinder.com/9834

Network-access control: The biggest concern for businesses thinking about deploying NAC is the cost and complexity of the project, according to a survey by Current Analysis. Respondents’ worries about deployment complexity center on whether the NAC gear would be compatible with other hardware and software already deployed, and what it would take to remedy any problems, according to “The Current Analysis 2007 NAC Enterprise Demand Survey.” Beyond these concerns, potential NAC users also worry in a general way that NAC gear isn’t fully baked yet. As a result, they may want to delay deployment until it matures, the survey concludes. www.nwdocfinder.com/9835

Small-business technology: Feeling paranoid? Think people are out to get you? No? You’re just not paying attention. Small businesses have gained the attention of large companies who lust after their buying power. And unfortunately, hackers now lust after small businesses for their intellectual property and customer data, and find smaller companies make easier targets because their defenses are weaker. So says Dan Hubbard, vice president for security research at Websense, the security firm that just announced the Websense Express product line for SMB. The trend for large companies to make sophisticated security tools affordable for small companies is one we all should encourage. www.nwdocfinder.com/9836
CA alleges Rocket ‘stole’ code

CA has accused Rocket Software of stealing source code and other intellectual property to build database-administration tools that closely resemble CA’s. The company is asking a federal judge for more than $200 million in damages. Rocket declined comment when contacted by Network World. Four engineers at a CA subsidiary stole source code before taking new jobs at Rocket, where they used it to build six database-administration products for IBM’s DB2 database in half the time it took CA to build almost identical products, a complaint filed last week in a New York court says. Rocket launched three database tools in December 2000, less than a year after hiring the four engineers who had worked at CA’s subsidiary Platinum Technology International. CA alleges that these products had features and functions that “directly corresponded” to highly complex CA products that had taken nearly three years to create.
www.nwdocfinder.com/9861


Report slams Diebold voting machines.

Diebold Election Systems’ voting machines are not secure enough to guarantee a trustworthy election, and an attacker with access to a single machine could disrupt or change the outcome of an election using viruses, according to a review of Diebold’s source code. “The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes,” according to the University of California at Berkeley report, commissioned by the California secretary of state as part of a two-month review of electronic voting systems certified for use in California. The source-code review identified four main weaknesses in Diebold’s software, including: vulnerabilities that allow an attacker to install malware on the machines; a failure to guarantee the secrecy of ballots; a lack of controls to prevent election workers from tampering with ballots and results; and susceptibility to viruses that could allow attackers to influence an election.
www.nwdocfinder.com/9862

Microsoft cuts Vista price to $66 in China

Microsoft has dramatically cut the price of Windows Vista in China in a bid to boost sales of its new operating system. Microsoft cut the retail price of Windows Vista Home Basic in China to 499 renminbi ($65.80), from 1,521 renminbi — a 67% reduction. The Home Premium version of Vista also got a significant price reduction, down 50% from 1,802 renminbi to 899 renminbi. The new prices, which were introduced last week, represent a steep discount compared with what users in the United States and elsewhere are charged for the software. Microsoft’s Web site lists the recommended U.S. retail price of Vista Home Basic at $199, with Home Premium priced at $239. It’s been speculated by some that the Vista price cuts in China also are intended to put a dent in rampant software piracy there, though that seems unlikely with reports of pirated copies selling for as little as $1.
www.nwdocfinder.com/9865

Compliance survey finds policies outdated.

Compliance policies at large financial institutions are outdated and often ignored by employees, a new survey has found. The survey of 550 financial services professionals in London and New York found that 14% are not confident their organization’s policies are up-to-date with the most recent changes to regulations issued by governments, stock markets and other institutions. One out of five survey respondents admit they have never even read their firm’s policy manuals. Another 15% have read the manual at least once but do not continue to read it regularly. Complinet, a compliance vendor, conducted the survey.
www.nwdocfinder.com/9866

IBM acquisition targets data governance

IBM last week announced that it has acquired Princeton Softech, a maker of data-archiving, classification and discovery products, to bolster its own data-management offerings. Financial terms weren’t disclosed. Princeton Softech’s products help customers improve database performance by separating historical data from current data and storing it securely and cost effectively, IBM says. The vendor’s test data-management technology helps customers maintain data privacy by creating test databases that mask and protect sensitive data. An IBM spokeswoman says the company expects the acquisition to contribute to growing revenue in IBM’s database business. The purchase is the 22nd acquisition related to IBM’s Information On Demand strategy.
www.nwdocfinder.com/9864


Spotlight

LINUX, OPEN DOCS

LinuxWorld ready to go. As more than 11,000 attendees prepare to converge on San Francisco for the LinuxWorld Conference & Expo this week, one industry analyst says customers are evaluating open source software the same way they evaluate proprietary software: It has to be priced right and work well. Enterprises are judging open source on its upfront cost, total cost of ownership, reliability and features, just as they would a commercial product, said Matt Lawton, an analyst with IDC. Attendance at LinuxWorld, scheduled for Monday through Thursday, is expected to be higher than last year’s 10,000 because it is running concurrently with the first-ever Next-Generation Data Center conference.
www.nwdocfinder.com/9859


Fallout from state’s open docs decision. Massachusetts has been a lightning rod and a leader in the movement for governments to embrace open document formats, and neither of those roles change, with last week’s announcement that it will adopt Open XML. Reverberations from the state's final decision to embrace the standard stretch far and wide from people with disabilities, open source advocates, vendors and other state governments. The reaction is not all negative, especially given that Massachusetts’ earlier acceptance of the Open Document Format has put the open document issue on the world map. However, Massachusetts did start out with the idea of banning Microsoft Office and its proprietary lock-in, yet ended up embracing a format originally developed by Microsoft and supported in its Office 2007 program — and that’s what has drawn so much attention.
www.nwdocfinder.com/9863

Mozilla rushes out another Firefox patch. Mozilla last week patched a pair of flaws in its Firefox browser, two weeks after security researchers began posting code that showed how the flaws could be exploited in attacks. The 2.0.0.6 version of Firefox fixes a pair of related flaws in the URL protocol handler component of Firefox.
www.nwdocfinder.com/9860
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NEWS  ANALYSIS 

Regulatory-compliance 
demands  put  IT  on  spot 


BY  ELLEN  MESSMER 

Meeting the goal of regulatory compliance
means running a tight security ship. When
auditors come calling, however, how do you
prove that you do? Security
managers share their tips
about how high tech and
plain old communication
skills can make the difference
between passing and
failing. This is the fourth in
a series of stories on key
security issues that will be
addressed at the Security
Standard event scheduled
for Sept. 10-11 in Chicago.

Regulatory compliance means getting your
organization’s network security, data storage
and content-protection practices to conform
to relevant laws so that auditors are satisfied
and liability is reduced. With so many state
and federal regulations, not to mention
international ones, such as the European Union’s
data privacy rules, how does a security manager
prepare for the day when the auditors
knock on the door demanding evidence that
all’s in order?

Ask Darcy Soleil, a certified IS auditor (CISA)
at Parker Soleil Consulting, in Ft. Lauderdale,
Fla., who says she’s usually called in to assist
management in assessing the IT controls
demanded by regulators under the
Sarbanes-Oxley Act (SOX).

Her job is to help companies get ready for
the external auditors from such firms as
Deloitte Touche and Ernst & Young who will
perform the official SOX audits needed to
satisfy the Public Company Accounting
Oversight Board set up by the U.S. Securities and
Exchange Commission (SEC) under SOX.

Congress passed SOX five years ago to
tighten financial reporting in the wake of
such accounting scandals as the fraud
uncovered at Enron that left investors and
employees ruined.

The Fairmont Hotel. September 10-11, 2007. Chicago, IL

The skinny on The Security Standard

What: An IDG Executive Forum that
takes a fresh, holistic approach to
understanding what it takes to deliver
an effective enterprise security strategy.

When: Sept. 10-11

Where: Chicago

Register online at:

www.thesecuritystandard.net/

Section 404 is considered the IT-specific
section of SOX, which governs publicly traded
companies of a certain size and will expand
this December to include smaller firms, those
with revenue of less than $75 million per year.
Section 404 asks for evidence of “an internal
control framework” related to a company’s
process for financial reporting.

“This could apply to the general ledger
system, for instance,” Soleil says, noting that the
framework regulators want refers to any
well-accepted one, such as COSO or COBIT. (COSO
stands for “The Committee of Sponsoring
Organizations of the Treadway Commission,”
and COBIT stands for “Control Objectives for
Information and related Technology,” so it’s
easy to understand why these process
frameworks are seldom mentioned other than by
their acronyms.)

As a CISA, Soleil’s visit to a company will
start with an examination of its IT processes
ranging from change-control systems and
in-house coding to how the organization
handles identity management and security
assessments. She may want to see IT or other
department reports dating back three years.
“I’ll look at their backup systems or logical
access,” she says. “I’ll look for anything that
eliminates lack of accountability, such as
shared accounts. One of the biggest issues is
segregation of duties.”

A  process,  not  a  project 

Soleil points out that companies benefit
when the security manager, the IT department
and the business management tackle SOX
compliance as “a process, not just a project.”
She points out that automated controls —
rather than simple, manual ones — can be a
plus for a company.

“If I’m looking at a Unix system or an
Oracle database, for example, if I know it has
an automated process for provisioning, I’ll
have to do less testing, and it’s less
expensive,” says Soleil, whose customary fee is $100
an hour. She favors automated vulnerability
scanning and “continuous monitoring”
because it lowers risk.

The  Philadelphia  Stock  Exchange,  broadly 
regulated  by  the  SEC,  uses  Grant  Thornton  LLC 
as  its  external  auditor  and  Accume  Partners  as 
its  internal  one,  says  Bernie  Donnelly  the 
See Compliance, page 44

Nortel on a shopping trip;
3Com reportedly atop list

Nortel has begun discussions with potential
takeover targets, according to a
Reuters report citing an interview with
CEO Mike Zafirovski. Nortel is looking to
acquire companies to expand its reach in
key markets, such as the enterprise, VoIP
and IPTV. One such target is believed to be
3Com, and others mentioned include
Foundry Networks, Tellabs and Sonus
Networks. “We are doing lots of analysis
internally on how to grow the company
organically, and we started discussions
recently with companies that we believe
can be adding to our growth trajectory,”
Zafirovski said. “We’re confident that we’ll
be able to successfully integrate other
activities if the pricing is appropriate.”

Dell  to  shell  out  $340  million 
for  IT  services  company  ASAP 

Dell last week acquired ASAP — a company
that manages software licenses, purchases,
renewals and compliance — to
bolster its software business. The $340
million deal marks Dell’s third acquisition
of a services organization in the past year
and the second since CEO and Chairman
Michael Dell dismissed then-CEO Kevin
Rollins and reorganized the company. Dell,
which is moving from direct sales to
distributed-channel sales, picked up
managed-services vendor SilverBack
Technologies last month and ACS, a
British IT managed services company, last
November. The ASAP acquisition will further
Dell’s goal to simplify IT for customers
by removing cost and complexity
and improving IT implementation.

Adobe  axes  link  to  Kinko's 
after  companies  complain 

Adobe Systems will remove a menu option
in its Acrobat and Reader programs that
lets users send documents over the Internet
to FedEx Kinko’s for printing, the company
said last week. The move comes after complaints
from other printing companies, who
view the feature as steering business to
FedEx Kinko’s, one of the larger printing services
companies worldwide. The menu
option is included in Reader 8.1 and Acrobat
8.1, appearing in the “file” menu. The programs
were released in June when the deal
was announced.

Black Hat probes hacker exploits

VoIP  security  holes,  virtualization  rootkits  and  botnets  are  hot  topics 


BY  ELLEN  MESSMER 

LAS  VEGAS  —  If  Las  Vegas  is  a  place  to  expose  all,  then  that  notion 
worked  for  the  security  experts  who  spent  two  days  here  at  the  Black 
Hat  Conference  laying  bare  the  security  weaknesses  of  everything 
from  VoIP  to  rootkits  and  cell  phones. 

For the roughly 3,700 attendees who packed the conference held at
Caesar’s Palace, it was a walk on the wild side as some security practitioners
shed their reserve and gloried in the naked truth that the computer
systems in use today are pretty much just putty in the hands of a
good hacker. At one session, speaker Nick Barbour, senior consultant at
security-services firm Mandiant, went so far as to educate his audience
about how to write better malware.

Being able to find more clever malware that can evade forensics will
“make my job more interesting,” said Barbour, who gave a presentation
titled “Stealth Secrets of the Malware Ninjas.” Barbour went on to
describe in detail techniques for Live System Anti-Forensics, Windows
hook-injection mechanisms, Library Injections and more that he
assured his listeners could take evasive malware to a new level. “This
talk is mostly about evil,” he said.

Much in keeping with the theme of Black Hat, where honesty is not
the best policy but the only policy, iSec Partners security experts
Himanshu Dwivedi and Zane Lackey took the stage to deliver the bad
news: VoIP systems based on H.323 and the Inter Asterisk eXchange
(IAX) protocols can be fairly easily compromised and brought down.

“There are a lot of known problems with SIP,” said Dwivedi, principal
partner at iSec, referring to the VoIP Session Initiation Protocol.
“But we are here to say H.323 and IAX are just as bad.”

In case anyone doubts their revelations about how weak authentication
and authorization design in H.323 and IAX can let attackers compromise
VoIP systems and launch denial-of-service (DoS) attacks, they
have made available exploit tools on the iSec Partners Web site to prove
their claims.

Returning to Black Hat to take up the theme of virtualization rootkits,
Joanna Rutkowska, the noted expert who brought the topic to worldwide
attention last year with her virtualization rootkit malware called
“Blue Pill,” acknowledged that researchers are getting closer to detecting
her creation. At the end of her technical presentation, she announced
she was posting Blue Pill — and its nested hypervisor variant
New Blue Pill — for general download.

That  evoked  some  concern  at  Symantec,  which  had  been  begging 
her  to  share  a  Blue  Pill  sample  before  the  conference.  Symantec, 
Matasano  Security  and  Root  Labs  are  teaming  on  a  project  to  detect 
virtualization  malware,  and  the  only  virtualized  malware  they  had 
tested  was  on  something  they  already  had  in  hand, Vitriol,  created  by 
researcher  Dino  Dai  Zovi. 

“We  think  it’s  actually  quite  dangerous  to  release  code  like  that  to  the 
public,” said  Oliver  Friedrichs,  director  of  Symantec’s  Security  Response 
division,  about  the  release  of  Blue  Pill.  While  the  stealthy  Blue  Pill  is 
intended  for  research  purposes  only,  Symantec  expects  it  could  quickly 
become  a  new  attack  vector.  He  said  there  were  no  plans  to  release 
Vitriol,  a  similar  type  of  virtualization  rootkit. 

Hacker techniques for DoS and botnet attacks are making their way
into social conflicts, such as the cyberattacks that occurred earlier this
year against Estonia, a small nation of 1.3 million people with a
well-developed Internet-based e-commerce and Web infrastructure.

Estonia saw its banking and government Web sites electronically fired
on in late April and May. The electronic DoS attacks, coupled with what
one investigator says was a custom-built botnet designed to disrupt
Estonian home and business networks, came as tensions between
Russian nationalists and Estonians spilled over into street riots in the
nation’s capital.

“I tried to understand both sides,” said Gadi Evron, the well-known
botnet hunter who works for Beyond Security and also the Israeli
Computer Emergency Response Team (CERT). He says he was invited
by the Estonian CERT to help with defense and analyzing the aftermath
of the event, which some are calling the “first Internet war.”

Evron said during his Black Hat presentation that he wouldn’t use
that term but said it was a cyberconflict. He said the current analysis
done with Estonian officials indicates the first wave of DoS attacks
against specific Web sites may have been triggered by the “Russian
blogosphere” where angry Russian speakers urged use of attack tools to
ping Web sites. “They provided a tool for the entire population to use,”
Evron said.

The  second  phase  of  the  attacks  a  few  weeks  later  saw  something 
more  sinister.  “One  attack  was  launched  by  specifically  crafted  bots,” 
Evron  said. “The  attack  target  was  hard-coded  into  the  source.” 

These hard-coded bots, designed to attack specific Estonia Web sites,
were dropped onto home computers in
Estonia, basically making Estonian home computers
the source of attacks on their own
country’s infrastructure. In the aftermath, analysts
are trying to figure out whether the attack
was simply energetic hacktivists, or something
even darker, such as a coordinated attack by
the Moscow Kremlin, something the Russian
government has fiercely denied.

“Who is behind the attacks?” Evron asked,
answering with some wry humor, “The KGB.
But that doesn’t exist anymore.”

While the old Soviet Union’s KGB secret
security service technically no longer exists,
it’s hard to forget its style. “OK, the KGB no longer exists,” Evron said. “I
can’t tell if it was something random from the blogosphere or a
planned attack.” But he added: “I find it hard to believe it was a mere
epidemic.”

Several signs point to a well-organized plan with attack events commencing
at virtually the same time. “The Russian-language blogosphere
was updated periodically with new attack instructions,” he noted. “It
was adjusting and responding to the defensive actions of Estonia.”

Evron noted that this style of Internet-based information battle is
likely to be part of future conflicts, where adversaries turn the citizens’
computers and networks against them.

Not  all  the  news  was  bad  at  Black  Hat. 

For instance, at least we can take comfort in the fact that cell phone
and smart phone viruses still constitute a minute proportion of the
hundreds of thousands of overall computer viruses, with only 373 distinct
phone-based specimens to worry about so far.

That’s according to Mikko Hypponen, chief research officer at
F-Secure, whose Black Hat presentation vividly demonstrated how some
of those viruses can attack phones via Bluetooth wireless and other
means.

Most phone-based viruses are targeting Symbian platform
phones today, Hypponen said, though he guessed that would shift
more toward Windows Mobile and the
iPhone. Cell-phone virus writers today largely
just remain malicious pranksters who
write malware to disrupt phone use, he
pointed out.

So far there’s little indication that these
virus writers are turning into the kind of
money-loving types who write malware for
PCs today mainly to make a buck. Nor has
the type of malware hitting PCs these days,
such as rootkits or viruses that replicate over
e-mail, yet been seen, “and we haven’t seen
anything that we couldn’t clean and get out
of a phone,” Hypponen concluded.


ONLINE:  Identity  management 

This Buyer's Guide comprises products
that fall under the umbrella of
identity management, including provisioning
tools, single sign-on wares,
federation software, ID discovery tools
and password management products.

eBay touts data center direction

Company’s  computing  guru  shares  views  on  virtualization 


BY  BETH  SCHULTZ 

Today on eBay, you just might find that
absolute perfect mantelpiece you’ve been
looking for, at a great price. It’s there, nestled
among some 100 million other items, placed
for sale by one of the online auction site’s
233 million registered
users. Now think about the
back-end infrastructure
that enables you to find,
and then buy that object of
your delight, and you do
have to wonder how it ever
happens. Contemplating
the database environment
alone — 600 production
database instances spread
across hundreds of medium-size
servers — is enough to give even the
most stalwart IT executive a case of the shakes.

But Paul Strong, distinguished research scientist
at eBay, doesn’t faze easily.

“You just can’t get all the details for 100
million items on a single machine,” he said
in a recent interview, during which he
described eBay’s IT infrastructure, discussed
next-generation trends and shared how
large or small enterprises could benefit from
the lessons the online auction site has
learned along the way. Here are some of his
thoughts, which he’ll also share during an
opening keynote address at IDG World
Expo’s joint Next Generation Data Center
(www.nwdocfinder.com/9832) and LinuxWorld
(www.nwdocfinder.com/9833) conferences
in San Francisco this week.

The  next-generation  data  center  today 

When we look at the data center, we don’t see
silos and silos of applications on islands and
silos of infrastructure, because those have
proven to be expensive and not particularly
efficient, and they tend to be very static. We
need to move toward [something] more
dynamic, and that means really viewing applications
and business services as being
network-distributed. And the platform on which
they run is the data center. The data center is a
system and should be treated as such. The
application components are distributed across
the entire system. How your application behaves
depends on where your load-balancers
direct traffic, the number of application instances
behind them, how you connect to your
databases. Your applications and services don’t
run on a single server. They run on a collection
of resources that range from servers to firewalls,
load-balancers and such.

Where  the  next-gen  data  center  is  headed 

One of the real trends in the next-gen data
center is that it’s all about interconnectedness.
It’s about the fact that all value is delivered
by connecting sets of things together
and agility is achieved by reconnecting the
same sets. So it’s all about relationships and
how you manage them. It’s the relationships
that deliver value and how you
cable together your infrastructure,
how you make your applications
and services communicate,
and the patterns you use
to drive the value it delivers for the business.

Managing  the  next-gen  infrastructure 

We’re using some technologies, for example
semantic Web technologies, to allow us to have
an ontology that describes our infrastructure
and allows us to ask questions of it. We want to
be in a position where we can ask our management
framework, “If a user presses this button,
show me the things in the path.” And if they
have a problem with it, “Show me everything in
the path that could be broken.” Or if, say, a
load-balancer in our infrastructure breaks, “Show
me which business process is impacted, so I
can understand the financial impact on our
business.” Things like that.

We have a good start, but we expect that we
won’t be able to capture all of these relationships.
So we’re trying to build a system that if
we don’t know everything, at least it captures
what we do know, so we can learn or infer the
things that we don’t know. For example, if we
know there’s a relationship between two
application components, and they exchange
a message, then we can infer — even if it’s not
explicitly stated — that it’s a SOAP message
over HTTP [and] they must be able to
exchange HTTP messages between them.
That means there must be the ability to create
TCP/IP connections between them, which
means there must be a physical link that connects
them, because you know the application
which is exchanging SOAP messages
depends on the operating system to have a
TCP connection between them that depends
on physical servers that have bits of wire connecting
them together. So by knowing the
high-level thing, you know that somewhere
there’s a relationship, and you can go away
and search for it and understand and see if
you can see how it’s doing, what its properties
are. Because if the SOAP message is running
slowly, you can say, “OK, well what are the physical
cables this is running over? Is there a
problem with a port in the line?” And things
like that. It’s all about the relationships.

Server  virtualization's  role  at  eBay 

If you think of server virtualization, like
VMware and Xen and a whole slew of others,
we don’t use a lot of that in production. The
main reason is that one of our main constraints
on deploying things is really around performance
and on latency very specifically. Many of
the virtualization products, at least up until
recently, have carried a latency penalty
because obviously if you’re going to do something
that goes through the I/O
stack, then it’s going to have to go
through not only the I/O stack of
the operating system but the virtual
machine that sits under it.
However, we have used those in environments
like test and [quality assurance] where we
want to rapidly provision stacks of software for
testing purposes.

Database  virtualization  at  eBay 

By using database virtualization, we’re able
to scale. We used to run on the largest computers
money could buy with the most memory
you could fit in them. And it didn’t matter
how big of a machine we got; we couldn’t fit
our databases onto them. So initially we
started partitioning those databases in a traditional
sense by having discrete instances. And
then we discovered that you can’t get all the
details for 100 million items on a single
machine either. So you had to start splitting
them. We moved a very large chunk of database
functionality out of the traditional database
tier and into the middle tier. We heavily
customized it so we were able to basically
scale the database across hundreds of . . .
medium-size servers by essentially virtualizing
the database. So for an application on our
infrastructure that uses the database, the
coder doesn’t need to know anything about
the database vendor, what the table spaces
look like, where the data is physically located
or anything else. We built an abstraction layer
into our application-layer stack that allows us
to virtualize the underlying database. So
again, we get the same benefits in general of
virtualization, which is essentially efficiency
improvement, scalability improvements and
flexibility, because we can change things
behind the scenes without impacting the
application that depends on it. And for us, and
I believe many users, because data is exploding
in terms of its quantity, that how you manage
data and how you make it accessible by
very large distributed applications is becoming
a very big problem. And it’s probably one
of the hardest places to actually scale.

The  ultimate  next-gen  goal 

We really should be recognizing that we
never build to an endpoint. We’re building for
constant change and agility and responsiveness
to the business. Anything static possibly
ends up being a constraint on the business in
terms of agility and capabilities of delivering
shareholder value.




NEWS ANALYSIS


Big  Blue  readying  data  center  revamp 

IBM  says  it  will  save  $250  million  by  moving  4,000  servers  to  30  mainframes 


BY  JOHN  FONTANA 

IBM  last  week  said  it  will  consolidate 
nearly  4,000  PC  servers  onto  mainframes 
running  Linux,  in  a  move  that  will  cut  $250 
million  from  the  cost  of  operating  its  six 
major  data  centers. 

IBM says the move will save enough energy
to power a small town and will reduce
by 85% the square footage needed to house
racks of computers.

The company has 8 million square feet of
data-center space, which is equivalent to
139 football fields. The U.S. sites targeted for
server consolidation reside on approximately
184,000 square feet, IBM says.

The company is trying to add yet another
chapter to the life of the ages-old mainframe,
which has been left for dead on the
side of the information superhighway more
than once. In addition, it is trying to make a
statement about the future of distributed
computing and IT infrastructure design by
tapping into the mainframe’s scale, security
and virtualization capabilities.

“There are all the altruistic aspects, but
IBM is doing this to prove a point they have
been trying to make for years,” says Dan
Olds, principal of the Gabriel Consulting
Group. “And that is [that] you can run Linux
apps, small apps, the nontraditional mainframe
apps on the mainframe by the bushel
load, and that the usage model will pay off
in terms of performance, security and
economies related to people costs and
facility costs.”

Olds says, however, that to be successful,
IBM will have to win over people who don’t
use mainframes.

“They have to get where a nonmainframe-heritage
guy, a Unix or x86 guy, is willing to
take a look and take it seriously. That is what
this is about.” He says IBM is being smart
with this strategy in that it is converting its
own data centers first. That will provide
knowledge for IBM and credibility when it
tries to sell customers on the idea.


ONLINE:  Data  center  event 

Clustered servers. Grid computing.
Virtualized storage. Perimeterless,
holistic security. Service-oriented
management platforms. It's the landscape
of the New Data Center. Explore
it all. Join us at IT Roadmap: Dallas on
Sept. 6.

www.nwdocfinder.com/9158


Virtual  testing 

The avatar of IBM researcher Donna
Dillenberger stands in a virtual data center
in Second Life that IBM built and is connecting
to real data centers so companies
can study power management issues. IBM
hopes to double its own computing capacity
in the next three years without increasing
its power consumption.


“IBM is going to be drinking its own champagne,”
says Dave Anderson, System-z green
evangelist for IBM, who says the consolidation
focuses on systems that run IBM’s business
and support 350,000 users. “I think you
will see the mainframe make a huge resurgence
as people try and run their data centers
most efficiently.”

IDC last week reported that the IBM mainframe
posted its fifth consecutive quarter of
revenue growth and outgrew Windows-based
servers in 2006 in terms of revenue.

And IBM said earlier this month at its
System z Summit that mainframe hardware
sales in the fourth quarter of 2006 were the
largest it has seen since the fourth quarter
of 1998. The company told “Big Iron
Newsletter” that it has roughly 10,000 mainframe
installations in the world, and reported
that in the first quarter of 2007 it had
surpassed 11 million aggregated MIPS.

“Nobody has just a mainframe, but it will
come back where it makes sense, where you
need economy, and where you have enough
workload,” Anderson says.

IBM’s data-center makeover is part of
Project Big Green, a commitment IBM made
in May to reduce data-center energy consumption
for IBM and its clients.

The  company  will  deploy  30  System  z9 
mainframes  running  Linux  within  six  data 
centers  to  replace  3,900  servers,  which  will 
be  recycled  by  IBM  Global  Asset  Recovery 
Services. 

The data centers are located in Poughkeepsie,
N.Y.; Southbury, Conn.; Boulder,
Colo.; Portsmouth, U.K.; Osaka, Japan; and
Sydney, Australia.

The company is focusing on moving workloads
generated by WebSphere, SAP and
DB2, but will also shift some of its Lotus
Notes infrastructure.

The mainframe’s z/VM virtualization technology
will play a big role in dividing up
resources, including processing cycles, networking,
storage and memory. With z/VM 5.3,
IBM can host hundreds of instances of Linux
on a single processor. The z9’s HiperSockets
technology, a sort of virtual Ethernet, will support
communication among virtual servers on
a single mainframe. IBM also will take advantage
of logical partitioning, which is rated at
Common Criteria’s Evaluation Assurance Level
5, that group’s highest security ranking.

Cutting  costs 

IBM  says  energy  costs  represent  the  bulk 
of  $250  million  in  expected  savings  over  five 
years. 

“We  are  saving  over  80%  in  energy  cost  by
moving  from  distributed  servers  to  z9  technology,”
Anderson  says.  “Not  only  is  there
cost  in  powering  IT  equipment,  such  as
servers  and  storage;  but  also  infrastructure
costs  for  computer-room  air  conditioning
and  UPS  systems.  If  you  can  keep  a  lean  IT
infrastructure,  it  helps  you  have  a  lean  facilities
infrastructure.”

IBM  says  it  also  hopes  to  reduce  licensing 
costs,  especially  on  software  that  is  licensed 
per  processor,  and  to  free  up  staff  to  work 
on  projects  that  will  generate  revenue. 

IBM  plans  to  move  its  own  workloads  first, 
but  will  offer  hosting  services  to  customers 
from  the  mainframe-based  data  centers. 

What  does  IBM  have  to  say  to  such  companies
as  Google,  Yahoo  and  Microsoft,  which  are
building  giant  data  centers  —  some  near
hydroelectric  power  sources  —  and  filling
them  with  racks  and  racks  of  servers?

“The  model  today  with  distributed  servers
is  unsustainable,”  Anderson  says.  “You  really
want  to  do  more  work  with  less  servers,  and
pick  energy-efficient  servers  with  good  reliability
and  the  ability  to  scale.”  ■
12  software-as-a-service  issues

Before  choosing,  think  about  SOA,  data  security,  support  and  hype 


BY  JON  BRODKIN 

Software-as-a-service  is  just  about  the  most-discussed
topic  in  software  these  days.  It’ll
probably  save  you  money  and  lead  to  faster
implementation,  but  it’s  not  always  a  no-brainer.
Here  are  12  things  to  think  about  before
choosing  a  software-as-a-service  application.

1.  Mission  critical. 

Don’t  use  software-as-a-service  for  any  application
your  company  cannot  do  business
without  —  unless  you’re  sure  the  vendor  can
support  it  better  than  you.  “You  shouldn’t  get
[software-as-a-service]  for  any  application
where  your  entire  company  is  depending  on
that  application  running  successfully  all  the
time,  and  you  feel  that  you  could  not  get  the
reliability  or  the  performance  that  you  require
except  by  controlling  it  yourself,”  consultant
Amy  Wohl  says.

A  stock  brokerage,  for  example,  should  keep 
trading  software  in-house.  But  a  large  company 
might  have  100  applications  that  it  absolutely 
cannot  run  the  business  without,  she  says.

Many  customers  are  apparently  confident  in
the  ability  of  software-as-a-service  vendors  to
support  mission-critical  applications.  Saugatuck
Technology  says  49%  of  enterprises  plan
to  deploy  mission-critical  software-as-a-service
applications  over  time.

2.  Pay  as  you  go?  You  wish. 

We  all  know  software  vendors  are  addicted
to  up-front  licensing  payments.  A  major  selling
point  of  software-as-a-service  is  that  monthly
payments  force  vendors  to  continually  improve
service  and  satisfy  customers.  But  most
software-as-a-service  vendors  are  actually  turning
this  model  on  its  head  and  forcing  customers
to  pay  fees  for  as  much  as  a  year  in  advance,
says  Jeffrey  Kaplan,  who  runs  consulting
firm  ThinkStrategies.

“Traditional  software  customers  are  tired  of
parting  with  their  money  before  they  receive
the  benefit  of  the  application,”  writes  technology
blogger  Ken  Boasso.  “When  [software-as-a-service]
vendors  act  like  traditional  [independent
software  vendors]  by  requiring  up-front
annual  payment,  even  offering  deep
‘time-value’  discounts,  customers  want  to
know  how  [software-as-a-service]  is  different
from  the  same-old,  same-old  and  if  there’s
something  wrong  with  it.”

3.  Don't  assume  your  data  will  be  safe. 

Make  sure  the  vendor  has  a  reliable  way  to
back  up  data  in  case  there  is  a  disaster  or  the
vendor  goes  out  of  business.  If  sensitive  data  is
involved,  you  want  the  vendor  to  have  contingency
plans  for  backup  and  recovery  and  service
agreements  that  include  harsh  penalties
for  losing  or  exposing  data.

Customers  should  find  a  way  to  escrow  the
application  itself  so  there  is  a  copy,  Wohl  says.

Customers  “really  need  to  understand  the
[software-as-a-service]  infrastructure  underlying
the  delivery  of  the  [software-as-a-service]
solution,”  says  William  McNee,  president  and
CEO  of  Saugatuck  Technology.

THE  FUTURE  OF  SAAS

75%  of  U.S.  businesses  will  deploy
at  least  one  SaaS  application  by  2010.
Mid-size  and  large  companies
will  use  an  average  of  seven  SaaS
applications  each  by  2010,  more
than  double  today's  rate.

30%  of  new  business  software
deployments  will  be  SaaS  by  2012.

4.  But  software-as-a-service  could 
improve  security. 

Software-as-a-service  lets  companies  cooperate
with  business  partners  without  exposing
their  internal  networks.  “A  lot  of  companies
don’t  want  those  people  wandering
around  inside  their  firewall,”  Wohl  says.
Another  beneficial  side  effect  is  that  software-as-a-service
can  give  companies  the  off-site
backup  of  data  required  by  various  government
regulations,  Kaplan  says.

“We  need  to  have  off-site  backup  of  our  data
to  be  compliant  —  lo  and  behold,  software-as-a-service
with  its  off-site  hosting  solves  that
problem,”  Kaplan  says.

5.  Your  software-as-a-service  will  run
better  on  a  service-oriented  architecture
(SOA).

A  SOA  and  its  emphasis  on  Web  interfaces
and  interoperability  will  give  you  an  IT  infrastructure
that  takes  advantage  of  the  strengths
unique  to  software-as-a-service.

“[Software-as-a-service]  is  able  to  leverage  a
lot  of  next-generation  technologies  to  its  advantage.
This  includes  a  service-oriented  architecture
that  is  providing  a  tremendous  benefit  as  it
relates  to  integrating  back  into  enterprise  applications,”
McNee  says.  “Companies  going  down
the  direction  of  SOA  will  find  that  their  integration
with  [software-as-a-service]-based  applications
will  be  much  easier.”

6.  Single  sign-on. 

Look  for  vendors  who  offer  single  sign-on
capabilities  that  authorize  users  to  work  on
multiple  computing  resources.  “This  is  particularly
important  with  more  complex  [software-as-a-service]
systems  that  also  include  third-party
add-ins,  such  as  background  checking
[software-as-a-service]  applications  and  reporting
[software-as-a-service]  applications,”  writes
consultant  David  Linthicum.

7.  Software-as-a-service  integration  is 
limited. 

Software-as-a-service  vendors  have  struggled
to  find  a  good  way  to  integrate  their  applications
with  those  made  by  other  vendors,
Linthicum  says.

“As  more  enterprises  move  their  applications
to  [software-as-a-service],  there  is  a  growing
need  for  SaaS-to-SaaS  integration,”  he  writes.
“Unfortunately,  as  customers  are  requesting  this,
many  of  the  [software-as-a-service]  providers
are  stumped  for  an  answer,  beyond  [hiring]  a
bunch  of  developers  and  hoping  for  the  best.”

Too  often,  this  approach  creates  expensive
and  “cumbersome  architectures  that  lack
agility,”  Linthicum  argues.

8.  Don’t  expect  too  much. 

A  software-as-a-service  application  that  works
well  for  a  small  group  of  users  may  not  be  ready
for  rollout  to  your  entire  enterprise.  “You  need  to
find  out  ‘what  can  I  reasonably  expect  from
using  this  application?  Is  it  something  I  have  to
limit  to  a  small  set  of  people?’”  Wohl  says.

If  more  than  one  department  uses  a  software-as-a-service
application,  set  boundaries.
“Explicit  mechanisms  .  .  .  will  be  needed  to
determine  who  decides  the  level  of  customization
of  software  and  who  pays  for  it
when  two  departments  want  to  use  the  software
but  only  one  requires  modifications,”
states  a  McKinsey  Quarterly  report.

9.  Beware  of  the  overhyped  market.

Software-as-a-service  is  popular,  so  nearly
every  vendor  wants  a  piece  of  the  market.
Unfortunately,  many  simply  take  existing  software
and  place  it  on  the  Web  without  giving
any  consideration  to  ease  of  use.

“Some  existing  software  vendors  are  bastardizing
the  term,”  Kaplan  says.  “All  they’re  really
doing  is  hosting  the  same  old  applications  with
all  of  their  limitations.  .  .  .  [software-as-a-service]
applications  are  built  to  reside  on  the  Web,  and
therefore  they  ought  to  be  easy  to  access.  They
ought  to  have  an  intuitive  interface  that’s  easy
to  use.  Most  importantly,  they  should  have  the
ability  to  have  multiple  users  collaborate  in
real  time  with  that  application.”

10.  Is  that  “throat  to  choke”  virtual  or
human?

Find  out  before  signing  up  whether  an 

See  SaaS,  page  22 
A  semi-visible  semi-abomination


I  seldom  hear  from  vendors  that  are  targets  of
negative  comments  in  this  column.  Every
now  and  then  I  get  a  flame,  and  once  in  a
blue  moon  someone  actually  wants  to  talk  seriously
about  the  issues  I  raised.  NebuAd,  the
advertising  start-up  I  criticized  recently,  turns
out  to  be  one  of  those  blue-moon  companies.

A  few  days  after  the  column  “An  invisible
abomination”  (www.nwdocfinder.com/9821)
appeared  in  early  July,  I  got  email  from  one
Ben  Billingsley  who  identified  himself  as
involved  in  marketing  for  NebuAd.  Billingsley
said  he  had  read  the  column  “with  interest”  and  wanted  to  know  if  I
would  be  open  to  talking  with  NebuAd’s  CEO.  No
flameage,  just  a  polite  offer,  so  I  accepted.

Billingsley  set  up  a  conference  call  in  which  I 
was  able  to  have  an  informative  conversation 
with  him,  Chairman  and  CEO  Robert  Dykes  and 
President  of  Advertising  Systems  Kira  Makagon. 

I  wrote  the  original  column  using  information
on  NebuAd’s  Web  site  and  from  a  number  of
online  comments  and  blogs.  Dykes  did  not  say  I
had  gotten  things  wrong  —  he  just  offered  to  describe  what  the  company
did.  Based  on  his  description,  I’m  not  sure  I  did  get  the  basics
wrong.  But  what  NebuAd  is  doing  is  not  as  bad  as  I  feared,  though  it’s
not  as  good  as  I  would  like,  either.

Basically,  the  company  monitors  all  sites  you  visit  and  builds  up  a
profile  of  your  interests.  Based  on  what  Dykes  says,  the  profile  is  quite
coarse  and  basically  keeps  track  of  the  categories  of  the  sites  you
visit.  The  company  categorizes  the  sites  based  on  their  review  and  on
scanning  site  metadata  and  text.  NebuAd  carefully  does  not  include
any  categories  related  to  health  issues,  politics  or  adult  topics,  he
says.  Thus  it  winds  up  with  a  profile  tied  to  an  IP  address  (which  they
hash  before  storing)  with  counters  indicating  how  often  particular
types  of  sites  are  visited.  If  your  previous  Web  activities  included  visiting
a  lot  of  car-related  sites,  this  lets  NebuAd  serve  up  an  ad  for  a  car
—  even  if  you  are  visiting  a  Web  site  focused  on  quilting.

The  company  also  keeps  track  of  session-based  activities  —  for 
example,  how  many  people  visited  Ford,  what  they  saw  and  what  else 
they  visited.  NebuAd  provides  this  information  to  ad  agencies  but  only 
after  double-hashing  the  IP  address  to  make  it  essentially  impossible 
for  the  agency  to  link  the  activity  back  to  an  individual  IP  address. 

Dykes  also  says  that  NebuAd  tries  hard  to  be  sure  that  the  Web  site  or 
the  customer  knows  what’s  going  on.  Mostly  it  sells  its  services  to  Web 
site  operators  —  the  quilting  site  can  get  more  ad  revenue  if  it  is  not 
restricted  to  quilting-related  ads.  NebuAd  also  offers  its  services  to  ISPs. 
He  says  most  major  ISPs  do  not  want  NebuAd  to  add  still  more  ads  to 
the  user  experience  but  ad-supported  ISPs  (for  example  public  Wi-Fi 
networks)  do  want  the  revenue  from  additional 
ads.  NebuAd  insists  ISPs’  users  are  told  upfront 
about  the  usage  monitoring,  with  enough  lead 
time  that  they  can  switch  providers  if  they  want 
to,  according  to  Dykes.  He  also  says  that  any  ad 
that  NebuAd  inserts  without  the  Web  site’s  OK 
has  a  banner  on  it  indicating  that  the  ad  is  not 
from  the  site.  Billingsley  sent  me  an  example;  I’d 
just  as  soon  that  the  banner  was  bigger  and 
clearer,  but  at  least  there  was  one. 

As  I  said,  I’m  now  not  as  unhappy  as  I  was.  I  still  do  not  like  the  idea
that  NebuAd  is  keeping  track  of  what  I’m  doing,  and  worry  about  what
additional  info  the  company  might  decide  to  start  using  its  systems  to
record  if  it  runs  into  financial  difficulty  or  is  bought  by  a  less  scrupulous
company.  NebuAd  and  its  privacy  board,  however,  do  seem  to  be
trying  to  do  this  bad  thing  in  as  responsible  a  way  as  I  can  think  of.

Disclaimer:  It’s  not  likely  that  Harvard  will  run  into  significant  financial
difficulty  anytime  soon,  so  the  above  worries  would  not  apply  and
the  university  has  not  expressed  any  specific  opinion  on  this  topic.

Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com 


NET  INSIDER 

Scott  Bradner 




A  knack  for  network  access  control 


RISK  &  REWARD 

Andreas  Antonopoulos 


Network  access  control  is  a  huge  topic  of  discussion
in  IT  and  a  focus  of  vendor  activity.  Over
time,  the  acronym  has  become  almost  generic
through  overuse,  and  the  definition
varies.  When  I  asked  IT  executives  how
they  define  it,  the  consensus  is  that  NAC’s  core  involves  three  things:

•  Admission  control,  which  selectively  lets
hosts  attach  to  the  network  and  stay  attached
—  a  key  to  NAC,  according  to  all  who
answered  this  question.

•  Health  checks,  which  see  that  connecting
systems  are  up-to-date  on  patching,  antivirus
software  and  the  like.  These  are  part  of  a
majority  of  respondents’  definition  of  NAC.

•  Access  control,  which  determines  which
hosts  can  see  or  do  what  when  they  are
attached.  A  minority  of  those  surveyed  cite
access  control  as  ideal  in  a  NAC  system.  A
CISO  at  a  financial  services  company
explains  this  feature  as  “the  ability  to  validate
end  systems  prior  to  gaining  access  and  then
controlling  where  they  are  allowed  to  go
once  they  are  on,  much  like  user  management
should  be.”

Few  respondents  practice  NAC.  Connecting
to  the  VPN  is  the  extent  of  NAC  for  most  external
hosts,  for  example,  and  there  is  no  access
control  on  LAN  ports.  About  14%  of  respondents
check  endpoints  for  application  and
operating-system  patches;  the  presence  of  firewalls
and  antivirus  or  antispyware  software;
USB-attached  devices;  and  password  strength.
Nearly  60%,  however,  wish  they  could  check  at
least  for  firewalls  and  antivirus  and  antispyware
tools,  and  about  40%  desire  password
and  operating-system  checks.  Less  than  a  third
want  application  checks.

Cost  and  complexity  explain  most  of  the
gap  between  the  level  of  checking  desired
and  the  level  implemented;  NAC  can  require
added  network  infrastructure  and  sometimes
upgrades  to  existing  network  equipment,  for
example,  to  support  the  802.1X  standard  for
authenticating  network  access  at  the  switch-port
level.  Although  few  are  spending  anything
on  NAC  yet,  everyone  feels  future
spending  on  NAC  probably  (most  feel  certainly)
will  go  up.

Applying  admission,  health  and  access  controls
on  endpoints  sounds  enticing,  but  until  it
can  be  done  without  network  overhauls  and
with  more  broadly  interoperable  protocols,
adoption  probably  will  be  slow  and  spotty.

Antonopoulos  is  senior  vice  president  and
founding  partner  at  Nemertes  Research,  a  technology
research  firm.  He  can  be  reached  at
andreas@nemertes.com.



Triple  play  or  triple  threat? 


Things  are  supposed  to  happen  in  threes,
and  the  trio  the  network  arena  has  been
focusing  on  is  the  “triple  play”  of  voice,
data  and  video  service.  But  a  new  triple  has
emerged,  one  that’s  potentially  a  greater  influence
on  the  industry  —  and  for  some  at  least
it’s  not  a  good  influence.

Mobile  services  have  been  the  financial  darling
of  the  service-provider  industry,  growing  in  revenues
and  largely  keeping
the  big  providers  ahead  of  the  game  as  legacy  wireline
service  revenues  fall.  Mobile  has  become  the
No.  4  item  in  the  evolution  from  triple  play,  in  fact,
but  it’s  also  the  focus  of  our  new  trio  of  threats.

Our  first  threat  is  Apple’s  multimodal  iPhone.  Is  the  iPhone  cool?
Sure,  but  that’s  not  the  big  news.  Neither  is  its  design  or  its  Web  surfing.
The  big  factor  is  that  the  iPhone  works  with  Wi-Fi  in  addition  to
cellular  service.  In  fact,  because  the  iPhone  supports  only  the  slower
form  of  wireless  data,  it  works  a  lot  better  on  Wi-Fi  than  on  the  wireless
network.

IPhones  are  far  from  the  first  to  be  multimodal  like  this,  but  the  popularity
of  the  iPhone  is  going  to  increase  the  number  of  people  who  use
mobile  instruments  on  something  other  than  the  mobile  network.  That
weakens  the  wireless  operators’  control  over  the  customer  by  not  only
allowing  the  customer  to  have  an  “out-of-provider  experience”  but
encouraging  it.  In  a  hot  spot,  a  user  could  learn  to  stray  from  the  carrier
fold  (for  now,  AT&T).

To  what?  Well,  that’s  where  the  next  threat  comes  in.  Fixed  wireless
is  encroaching  on  3G.  Municipal  Wi-Fi  networks  are  gaining  ground.
Sprint  and  Clearwire  are  partnering  to  create  a  national  WiMAX  network.
Today’s  iPhone  doesn’t  work  with  WiMAX,  but  nobody  doubts
that  a  future  version  will.  T-Mobile  is  pushing  its  own  multimodal  service
plan  using  its  own  hot  spots  or  the  customer’s  home  Wi-Fi.  The
threat  is  so  great  that  one  of  the  hottest  new  technology  concepts  in
wireless  is  femtocells,  or  microcells  using  3G  technology  that  are
installed  in  the  home  (or,  in  theory,  in  other  places)  to  create  an
owned-by-the-carrier  form  of  home  Wi-Fi  access.

The  reason  this  issue  is  so  critical  is  that  advanced  mobile  services,
such  as  video  or  even  Web  surfing,  aren’t  something  that  can
be  easily  conducted  while  whizzing  along  the  expressway  at  65  mph
or  so.  This  is  coffee-klatch  activity,  the  sort  of  thing  you  do  sitting  in  a
nice  outside  table  on  a  promenade.  Those  are  the  kinds  of  places
where  Wi-Fi,  or  even  better  WiMAX,  could  reach  easily.  In  fact,
Clearwire  has  said  that  most  of  its  customers  have  wireline  broadband
already,  so  they’re  using  the  service  for  “portable”  needs.
Phone  users  could  do  simple  voice  on  3G  and  take  all  their  nonvoice
services  off-net,  and  off  the  bill.

Of  course,  all  of  this  is  hampered  by  the  fact  that  in  the  United  States
at  least,  your  carrier  provides  your  mobile  handset  and  the  carrier  may
be  less  than  enthusiastic  about  your  intended  exercise  in  broadband
democracy,  because  it  potentially  loses  your  payments  for  these
advanced  data  and  video  services.  But  maybe  not  for  long,  because  the
FCC  is  exploring  setting  aside  a  portion  of  spectrum  for  open  wireless
services.  This  allocation  would  be  available  only  to  bidders  who
promise  no  instrument  or  service  constraints  on  the  user.  Google,  not
surprisingly,  already  has  indicated  it  will  throw  some  of  its  war  chest  at
the  auction  for  this  spectrum  if  it  becomes  available  as  planned.

There  has  been  increased  pressure  on  regulators  to  open  up  the
mobile  space,  a  kind  of  backlash  against  the  fact  that  competition  for
wireline  broadband  seems  limited  to  fights  between  cable  and  the
RBOCs.  The  plan  to  set  aside  some  open  spectrum  won’t  be  world-changing
in  itself,  because  only  big  players  can  bid  the  amounts  likely
to  be  needed  to  win  auctions  in  major  metropolitan  areas,  and
because  the  cost  of  deploying  3G  cells  is  far  from  trivial.  But  it  will  create
pressure  on  the  big  mobile  operators  to  open  their  own  networks
just  a  bit,  and  then  maybe  a  bit  more.  .  .  .  You  get  the  picture.  We  are  likely
moving  toward  more  open  wireless.

All  this  is  probably  very  good  news  for  the  consumer,  because  mobile
services  are  really  a  lot  more  walled  gardens  than  anything  else  that’s
offered.  It’s  also  likely  very  bad  news  for  the  operators,  because  it  will
erode  away  their  absolute  control  of  the  revenue  stream  that  flows  out
of  mobile  customers.  That  has  significant  network  infrastructure
impacts,  too.

The  most  likely  immediate  impact  is  on
the  IP  multimedia  subsystem,  or  IMS.  The
darling  of  the  trade-show  circuit  last  year,
IMS  was  far  from  a  show-stopper  in  the
debut  of  NXTcomm  this  year,  and  it  could  be
that  the  handwriting  was  already  on  the
wall.  For  all  its  talk  about  application
enabling,  IMS  is  a  customer-ownership  architecture.
If  the  triple  threat  I’ve  talked  about  weakens  the  ability  to
“own”  the  customer,  it  weakens  IMS.  The  Verizon  A-IMS  and  AT&T
CARTS  (Common  Architecture  for  Real-Time  Services)  are  examples  of
extensions  to  the  basic  IMS  capabilities  to  incorporate  more  service
types  and  more  customer-relationship  flexibility.  A  number  of  IMS  supporters
are  already  considering  how  IMS  could  be  adapted  to  the  new
“unlocked  customer”  situation.

All  of  this  activity  may  be  coming  from  the  wrong  end  of  the  industry,
though.  Incumbent  operators  aren’t  noted  for  their  ability  to  adapt  to
new  consumer  trends,  and  all  of  the  accommodations  to  these  threats
that  I’ve  seen  so  far  from  the  legacy  mobile  operators  and  equipment
vendors  have  focused  on  somehow  getting  customer  ownership  back.
It’s  probably  too  late  for  that  now,  because  none  of  these  three  threats
seem  likely  to  go  away.

Nolle  is  president  of  CIMI  Corp.,  a  technology-assessment  firm  in
Voorhees,  N.J.  He  can  be  reached  at  tnolle@cimicorp.com.


SaaS 
application  is  “self-supported”  via  the  Web  or  if  the  vendor  makes  live
customer  service  reps  available  to  users.  “Some  of  the  more  simple,
straightforward  applications  .  .  .  where  software  is  relatively  intuitive,
there  may  be  minimal  tech-support  services  available.  Therefore,  there
could  be  a  lag  in  response  times,”  Kaplan  says.

11.  You  still  need  in-house  support. 

Software-as-a-service  expenses  are  often  justified  by  vendor  promises
to  deliver  better  services  than  customers  receive  with  traditional  software.
But  to  get  the  full  benefit  of  improved  services,  IT  shops  must
match  service-level  guarantees  and  make  internal  commitments  to  business
users  and  their  own  customers.

“For  example,  if  a  software-as-a-service  vendor  guarantees  a  service 
level  on  invoice-processing  speed,  the  IT  department  must  ensure  the 
availability  of  the  purchasing  department’s  infrastructure  system  that 
supports  this  function,”  the  McKinsey  report  states. 

12.  Size  matters  -  sometimes. 

Software-as-a-service  is  often  billed  as  a  good  solution  for  small-  and
midsize  businesses  (SMB)  who  want  to  control  costs  and  lack  extensive
IT  staff.  But  many  proponents  say  that  companies  of  any  size  can  benefit.

“When  you  put  software  up  on  the  Internet  .  .  .  who  will  use  it  depends
on  what  the  software  does,  how  good  it  is  and  what  it  costs.  The  size  of
the  company  doesn’t  actually  enter  into  the  equation,”  Wohl  says.

But  software-as-a-service-shopping  SMBs  face  a  different  decision 
process  than  large  enterprises,  one  that  should  favor  application  suites 
rather  than  individual  tools. 

“NetSuite  is  very  much  of  the  belief  that  the  suite-oriented  approach
for  an  SMB  customer  makes  a  lot  of  sense,”  McNee  says.  “SMB  customers
don’t  have  a  lot  of  IT  staff,  they  don’t  have  a  lot  of  time  and  expense  to
integrate  all  these  applications.”  ■


REALITY  CHECK 

Thomas  Nolle 
’Net  neutrality?  Google,  go  first!


You’ve  got  to  admit  that  when  it  comes  to
public  relations,  Google  totally  rocks.  The
company’s  goofy  name  has  become  the
generic  term  for  “search  the  Web”  —  a  branding
coup  your  average  Madison  Avenue  marketing
wizard  would  kill  his  grandmother  for.
And  the  company’s  motto  (“Don’t  be  evil”)
and  ostentatious  eco-friendliness  successfully
promote  the  image  of  a  wacky  company
that  just  wants  to  be  your  best  buddy.

But  that’s  nothing  compared  to  Google’s
amazingly  Orwellian  effectiveness  at  reworking
terms  like  “openness”  and  “neutrality.”  On
Planet  Google,  what  “openness”  really  means
is  “other  companies  should  share  their  resources,  so  Google  can  gain
a  competitive  edge.”  And  “neutrality”  means  “telcos  can’t  be  trusted  to
charge  fair-market  rates  for  the  use  of  their  infrastructure,  and  we
need  the  feds  to  force  them  to.”

And the kicker? None of this applies to Google itself. Google can
be trusted to do the right thing because ... well, the company says
so. They’re the good guys (just ask ’em). And telcos are the bad guys.
They just are.

Forget  “don’t  be  evil” —  Google’s  real  motto  is:  “Just  trust  us  (and 
pay  no  attention  to  the  man  behind  the  curtain).” 

Sorry, fellas, I’m not the trusting sort. And I always worry about the
man behind the curtain. The reality behind the propaganda is this: The
“open” company’s considerable fortunes are based around the world’s
most proprietary search engine. And as for “neutral” — try Googling
Google, and you may notice something surprising: very few negative
comments on the company pop up. Odd, no?

Google has publicly acknowledged acts of censorship, such as wiping
Vice President Dick Cheney’s residence from satellite maps, and
bowing to political pressure to eliminate content from sites in
different countries. Neutrality? Not on Planet Google.

The bottom line is that Google’s done a terrific job propagandizing
itself — and demonizing its competitors. Imagine if Google were
owned by a telco: The ’Net-neutrality folks would be marching on
Washington, shrieking that no telco can be trusted to operate a
search engine fairly. Google, on the other hand, should be free to do
exactly what it wants — because they’re the good guys.

Nice try guys, but no cigar. Here’s what I propose. Google wants ’Net
neutrality? Great! Virtue begins at home. Let the company first
propose federal regulation of all search engines to ensure “neutral”
rankings of search results, and to guarantee that information isn’t
getting concealed (or revealed) for political purposes. Let’s see
Google regulate itself — then we’ll consider regulating its
competition.

I’m not holding my breath. But as I said, I’m not the trusting sort.
One thing I’ve learned to count on over the years is a healthy
distrust of the motives of large corporations. That includes telcos.
And Microsoft. And Google, too.

Johnson is president and senior founding partner at Nemertes
Research, an independent technology research firm. She can be reached
at johna@nemertes.com.


IBM  offers  break  on  supercomputer 

University  of  Alabama  at  Birmingham  takes  advantage  of  price  reduction 


BY  JON  BRODKIN 

IBM boosted supercomputing a few notches in June with the Blue
Gene/P, a system nearly three times as fast as its predecessor at a
cost of $1.3 million per rack.

But in anticipation of the Blue Gene/P, IBM dropped the price of the
Blue Gene/L to about $800,000 late last year. That prompted sales of
Blue Gene/L to more than double in the first half of this year,
compared to the second half of 2006, says Herb Schultz, IBM’s
deep-computing marketing manager. At its highest price, the Blue
Gene/L cost $1.3 million per rack, same as the P’s current price.

“It’s  still  a  very  viable  platform,”  Schultz  says. 
Among  universities  “we’ve  had  some  really  big 
sales,  RPI  and  Stony  Brook,  for  instance.” 

Another buyer was the University of Alabama at Birmingham (UAB),
which began using a Blue Gene/L a month or two ago to design drugs
that could treat clogged arteries, neurological diseases or certain
types of cancer.

UAB  is  not  a  minor  player  in  research,  doing 
more  than  $225  million  worth  of  work  for  the 
National  Institutes  of  Health  each  year.  But  it 
was  reluctant  to  splurge  on  a  supercomputer 
until  the  recent  price  drop. 

“We knew the L was a model near the end of its production, and we
were able to secure a much better price on that than we would on the
newer model,” says Richard Marchase, vice president for research and
economic development at UAB. “For our purposes, the L had plenty of
capacity.”

UAB tripled its computing power in computational biology and
molecular simulations with the purchase. The supercomputer will
shorten the yearslong process of developing drugs targeted at
specific protein structures, Marchase explains.

In computational biology, UAB researchers will use the supercomputer
to examine data about proteins and find protein structures that are
thermodynamically stable, he says. Once those structures are
identified, which could happen in six to eight months, researchers
can begin figuring out what kinds of small molecules could interact
with protein structures in ways that cure diseases, he says.

“The increase in speed that we were able to purchase with the Blue
Gene is allowing us to go through these iterations,” Marchase says.
“These processes are very iterative,” he says, requiring researchers
to study individual structures and improve upon them incrementally
over many steps.

The  Blue  Gene/P  can  perform  13.9  trillion 
operations  per  second,  compared  with  5.6 
trillion  for  the  Blue  Gene/L  purchased  by 
UAB. 


IBM doesn’t want the Blue Gene/L’s late-in-life sales increase to
last forever. Schultz says IBM is aiming to transfer existing
customers to the Blue Gene/P, which delivers more power per dollar
and per watt.

The Blue Gene/P has four publicly announced customers, including the
U.S. Department of Energy and the Max Planck Society for the
Advancement of Science.

IBM expects to announce additional signings throughout the summer
and to eventually find a customer to buy a petaflop system composed
of 72 Blue Gene/P racks, according to Schultz. A petaflop machine
could perform 1 quadrillion mathematical calculations per second. ■


Zero-day exploits: Consider the OS


BY  MARK  ZIELINSKI 


Attackers  wielding  zero-day  exploits  are  one  of  the  most  significant 
threats  facing  enterprise  networks  today.  While  plenty  of  vendors 
promote  zero-day  protection  mechanisms,  if  they  don’t  address  the 
entire  operating  system,  they  leave  the  door  open  for  attack. 


Today’s operating systems are designed to provide varying layers of
access to resources. Hierarchical protection domains — often
referred to as privileged rings — protect the operating system from
faults and general instability. Arranged from most privileged or most
trusted (usually zero) to least privileged or least trusted (usually
the highest number), these domains provide the ability to enforce
security in the operating system.

Applications execute in the least trusted or least privileged domain
(also known as user space), while the operating system executes in
the most trusted or most privileged domain (also known as kernel
space). This separation enables the operating system to distribute
resources and shield against undesirable behaviors that might
otherwise have a rippling effect. Without this barrier, viruses and
other malicious software could easily replicate across each process
and run rampant. Protected behind the barrier, the operating system
requires each application to request permission to access various
system resources or to have more privileged operations carried out
on its behalf.

Microsoft and a host of security vendors have invested a tremendous
amount of time and effort into developing enhanced security features
to protect customers. These enhancements typically deal with kernel
space, monitoring the resource requests made by applications in user
space. The enhancements, for example, prevent write access to
critical structures in memory, monitor inbound and outbound packets
for known exploits, and analyze application behavior to ensure that
a word-processing application isn’t suddenly and inexplicably
sending out confidential data.

Additionally, a variety of other methods are commonly used by
host-based security products to shield applications from
vulnerabilities lurking beneath the surface. This can include
marking stack and heap memory addresses as nonexecutable, or
randomizing memory addresses returned by memory-allocation routines.
This increases the level of difficulty — and in some cases might
make it impossible — to exploit buffer-overflow vulnerabilities.

Another type of host-based protection, commonly known as behavior
analysis, intercepts and inspects the various system calls requested
by applications to enforce restrictions based on policies. A
variation to this approach involves loading an application in a
virtual machine emulator, which allows instructions rather than
system calls to be intercepted and analyzed before execution. This
approach can be used to analyze every instruction executed by the
application, rather than relying on system calls with limited
visibility to piece the bigger picture together.
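
The system-call form of behavior analysis described above can be sketched as a small policy engine run over a recorded trace. This is an added example, not code from the article or from any vendor's product; the event format, the application names, the paths and the hosts are all constructed for illustration.

```python
"""Toy behavior analysis: a per-application policy applied to system calls.

Constructed example. A real product intercepts calls in the kernel; here
the intercepted calls are replayed from an embedded sample trace.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Event:
    pid: int
    app: str       # executable name the policy is keyed on
    syscall: str   # "open", "connect", "execve", ...
    target: str    # file path, or "host:port" for connect


@dataclass
class Policy:
    allowed_syscalls: frozenset
    confidential_prefixes: tuple = ()
    allowed_hosts: frozenset = frozenset()


@dataclass
class Monitor:
    policies: dict
    # pid -> confidential paths that process has opened so far
    tainted: dict = field(default_factory=dict)

    def check(self, ev):
        """Return (verdict, reason) for one intercepted call."""
        policy = self.policies.get(ev.app)
        if policy is None:
            return ("deny", "no policy for application")
        if ev.syscall not in policy.allowed_syscalls:
            return ("deny", f"{ev.syscall} not permitted for {ev.app}")
        if ev.syscall == "open" and ev.target.startswith(
                policy.confidential_prefixes):
            # Remember the access. The monitor sees calls, not data flow,
            # so from here on it must assume the data may leave the host.
            self.tainted.setdefault(ev.pid, []).append(ev.target)
            return ("allow", "confidential file opened; process marked")
        if ev.syscall == "connect":
            host = ev.target.rsplit(":", 1)[0]
            if host not in policy.allowed_hosts:
                return ("deny", f"connection to unlisted host {host}")
            if ev.pid in self.tainted:
                return ("deny", "outbound connection after opening "
                        + self.tainted[ev.pid][0])
        return ("allow", "within policy")


def run_trace(monitor, events):
    """Apply the monitor to each event in order; return the verdict list."""
    return [monitor.check(ev) for ev in events]


# Constructed policy: a word processor may open files and reach its
# update server, but never spawn programs.
POLICIES = {
    "wordproc": Policy(
        allowed_syscalls=frozenset({"open", "read", "write", "connect"}),
        confidential_prefixes=("/srv/finance/",),
        allowed_hosts=frozenset({"updates.example.com"}),
    ),
}

# Constructed trace of intercepted calls.
TRACE = [
    Event(100, "wordproc", "open", "/home/alice/letter.doc"),
    Event(100, "wordproc", "connect", "updates.example.com:443"),
    Event(100, "wordproc", "open", "/srv/finance/payroll.xls"),
    Event(100, "wordproc", "connect", "updates.example.com:443"),
    Event(100, "wordproc", "execve", "/bin/sh"),
    Event(200, "wordproc", "connect", "updates.example.com:443"),
    Event(300, "mediaplayer", "open", "/tmp/a.mp3"),
]

if __name__ == "__main__":
    for ev, (verdict, reason) in zip(TRACE, run_trace(Monitor(POLICIES), TRACE)):
        print(f"{verdict:5} pid={ev.pid} {ev.syscall}({ev.target}): {reason}")
```

The fourth call is refused even though the host is on the allow list, because the monitor can only see that the process opened a confidential file, not what it sends afterwards. That coarse view is the limited visibility of system calls that the instruction-level variant is meant to improve on.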

Despite host-based protection mechanisms being notoriously difficult
to configure and use in enterprise networks, they represent some of
the best approaches available. But organizations implementing such
protections remain at risk, because these security products provide
zero-day protection only at the application layer and not the
operating system kernel.

This leaves customers with a false sense of security. A skilled
adversary can gain access to the network by exploiting
vulnerabilities in the kernel.

Any  product  touting  zero-day  protection  and 
application-layer  security  must  extend  the 
same  level  of  security  to  the  operating  system. 

Although no security product on the market today can protect the
entire operating system from every vulnerability, recent
virtualization and hardware advances make it possible to build the
next generation of security technology directly into virtual
machines. More important, by creating a trusted and
security-conscious virtual-machine monitor or hypervisor, it will be
possible to achieve greatly increased levels of visibility.

As one of many possible scenarios, virtualization appliances could
be built and deployed that allow one or more servers to operate
concurrently while the security software operates beneath and
provides the protection necessary. With the security software
positioned lower than the operating system, vulnerabilities in the
operating system can no longer compromise or circumvent the security
product’s ability to function. Furthermore, these vulnerabilities
could be detected easily and prevented.


Rings of protection

Hierarchical protection domains — often referred to as privileged
rings — protect the operating system from faults and general
instability. A ring is a logical division of hardware and software
components that are designed to perform dedicated tasks within the
operating system.

The division is typically based on the degree or level of privilege,
namely the ability to make changes to the platform. For example, the
inner ring encompasses the most critical, privileged components in
the operating system. The outer ring is the least privileged and is
typically reserved for applications. The intermediate rings have
decreasing levels of privileges and are commonly reserved for device
drivers.

A  solution  such  as  this  would  provide  greater 
protection  than  what  is  currently  offered, 
achieve  cost  savings  by  consolidating  critical 
servers  and  eliminate  the  need  for  additional 
security  software.  Although  this  approach 
demonstrates  one  way  of  securing  enterprise 
servers,  similar  concepts  could  be  applied  to 
protecting  the  user  as  well. 

Zielinski is a security engineer and member of Arbor Networks’
Security Engineering & Response Team.


A look at 2D bar-coding

Mark Gibbs


Have you noticed over the last few weeks in the dead-tree version of
Network World there has been a section that displays a curious
pattern of dots and invites you to direct your cell phone’s Web
browser to http://wap.connexto.com?

That dot pattern is a proprietary 2D bar code format developed by
Nextcode called mCode (www.nwdocfinder.com/9830). 2D bar codes are
much like regular 1D bar codes except that they encode data in
(du-oh) two dimensions.

The advantages of 2D bar codes (also called stacked symbology or
multi-row codes) are that they support a broader range of data
representation and a greater data density than 1D bar codes. On the
other hand 2D bar codes can’t be read by regular laser-scanning
systems — they are typically captured and read by a camera. And what
common devices have cameras? Cell phones.

The  Connexto  software,  which  supports  a  wide  range  of  cell  phones,  is 
available  for  free  from  Nextcode,  and  the  supported  cell  phones 
(www.nwdocfinder.com/9831)  include  models  from  LG,  Motorola, 
Nokia,  Samsung,  Sanyo,  Sony  Ericsson  and  Siemens. 

Once  you  have  registered  on  the  Connexto  site  (also  free)  you  can 
click  on  the  Code  Creation  tab  and  generate  mCode  “codes”  as 
bitmapped  or  Encapsulated  PostScript  images.  Note  that  the  Connexto 
site  requires  that  you  run  Internet  Explorer  because  the  mCode  code 
generator  is  an  ActiveX  control. 

Committed Firefox users and the entire Macintosh community are
excluded from the fun, which is obviously not necessary as the
generator software could easily have been server-based and (ideally)
use an AJAX client side or, less easily (but potentially more
sexily), implemented as a Flash movie. Of course, the guys at
Nextcode forgot to ask me so what can you expect.

While I’m at it, let me digress for a moment and point out something
that should be blindingly obvious: Any company that limits its
market by artificial and unnecessary technical constraints is making
a big mistake. While you might develop a following you will always
be vulnerable to losing out to any competition that addresses a
broader market even if they have an inferior product.

Anyway, the content of a code can be a URL, an SMS message, contact
data or an auto-dial telephone number. To use a code, whether it is
printed on something or shown on a display, you simply point your
camera at it. Once the image is acquired and decoded by the Connexto
software it will ask if you want to allow the cell phone to perform
whatever action is called for. You also can save the code for later
using the Connexto software.

The mCode format has some interesting qualities: It can be read in
any orientation and at fairly large angles from the normal. You can
change the overall size of a code but not its aspect ratio, and the
recommended minimum resolution is around 20 dots per inch, which
ensures that most cell phone cameras can get a full frame image.

You might think that RFID will render 2D bar codes obsolete but in
cost-sensitive applications (such as in magazines), in harsh
environments (say, pipe labels in a chemical plant), or where
distance is a factor (for example, on billboards) they will always
be effective.

Gibbs can’t resist poking at technology. Tell him what you’d like to
know more about at gearhead@gibbs.com.


Wireless Philadelphia? Most of the time

I spent a couple of days last week in Philadelphia — not because I
had a hankering for cheese steak (although it helped that I could
get some while I was down there), but rather to see whether the new
citywide Wi-Fi rollout really was all it was cracked up to be (see
story page 32).

So along with my video producer, Jason, I went down to Philly to
check out the tourist hot spots and see if I could connect to the
wireless hot spots as well (go to www.networkworld.com/video to see
the video results of our Philly trip). After a rather nightmarish
journey (gotta love air travel these days), we learned some lessons
about the current state of the Wi-Fi Philadelphia project:

Thought 1: Coverage in wide-open spaces seemed very good. In every
touristy location that we visited, we could spot the
“WirelessPhiladelphia” SSID and get connected to the wireless
signal. Oddly, I couldn’t get connected near the U.S. Mint building
(that’s good, I suppose).

Thought 2: Free, sort of. In some of the major touristy areas, I
could see the WirelessPhiladelphia SSID, but after I connected and
opened the Web browser, I was redirected to an EarthLink page that
asked me to log on and register. I could still connect for free, but
after a registration and logon procedure.

Thought 3: Still have to pay to play in other spots: When we went to
South Philly to Geno’s Steaks for our cheese steak lunch (wiz
without — it’s a Philly thing), the wireless network from EarthLink
asked me to buy a one-day pass or sign up for longer service — I
wasn’t given the free option. It’s possible that this location
wasn’t included in the overall free areas.

Thought 4: There’s lots of other wireless out there. There were no
locations in Philadelphia where I couldn’t find other wireless
networks — some secured, some not. This isn’t totally unexpected, as
wireless networks have been around for so long now. I’m still
surprised at the number of unsecured networks, although in some
cases it was nice to connect to an area where the
WirelessPhiladelphia signal wasn’t strong.

Thought 5: In-building coverage not there yet: This isn’t a cheap
shot, but rather a note that in order to get in-building coverage,
you’d probably have to sign up for the EarthLink residential
offering ($20 per month, or $10 per month for low-income residents)
to get a signal booster.

Thought 6: Tourists really don’t use wireless. I didn’t spot a lot
of people with their computers, and the few times I did see them,
they were at a coffee shop or other food establishment that already
offered free Wi-Fi on their own networks. In this case (like at
Cereality in West Philadelphia or at the Mug Shots cafe near the
Eastern State Penitentiary), the cafe’s network signal was stronger
(and download speed seemed faster) than that offered by the
metro-wide network.

The  bottom  line?  If  you’re  a  resident  of  Philadelphia,  you  shouldn’t 
have  any  problem  getting  connected  to  the  new  Wi-Fi  network,  it  just 
becomes  a  matter  of  in-building  coverage,  pricing  and,  most  important, 
your  need  for  checking  email  outdoors  while  visiting  the  Liberty  Bell. 

Shaw can be reached at kshaw@nww.com. New Cool Tools video every
Thursday at www.networkworld.com/video, and Twisted Pair podcast at
www.networkworld.com/podcasts/twistedpair.

Fighting software agent pollution

Security,  management  vendors  challenged  to  remedy  agent  proliferation 


BY  DENISE  DUBIE 

Software  agents  —  long  seen  as  a  necessary  evil  by  those  securing 
and  managing  servers,  desktops  and  other  endpoint  devices  — 
have  proliferated  to  the  point  of  polluting  enterprise  environments. 


IT managers are fed up with their endpoint devices becoming the
dumping ground for bits of vendor code that can slow performance,
conflict with services running on the machines and cause huge
management headaches when upgrades are needed. Vendors have imposed
their agents on customer machines long enough, IT managers say, and
it’s time to change how servers and endpoints are secured and
managed.

“There are risks in putting too many agents on any one device, so
I’ve had to set hard limits on how many agents we send out to our
endpoints,” says William Bell, director of information security at
CWIE, an Internet-based Web-hosting company in Tempe, Ariz. “Some
people will tell you agents are botnets waiting to happen, but if
you have ever tried to patch thousands of machines without agents,
you know agents have their place. It’s a judgment call.”

Bell  is  not  alone  in  his  efforts  to  balance 
the  amount  of  software  installed  on  clients 
and  servers  for  the  sake  of  securing  and 
managing  the  machines. 

“We are concerned about the performance of endpoints, and the more
agents you put on them, the more you take away from performance,”
says Michael Gruen, IT project manager for Bernalillo County,
Albuquerque, N.M. “When you are talking about one tiny agent on one
machine, it’s not an issue. But when you have many tiny agents
across many machines, they add up quickly.”

Agent  change  is  afoot 

Now  that  IT  managers  are  getting  smarter 
about  agents,  vendors  are  scrambling  to 
accommodate  them. 

“More vendors are looking at ways to consolidate features or
architect their agents in such a way that one agent can handle the
tasks of multiple software applications,” says Jasmine Noel,
principal analyst at Ptak, Noel & Associates. “Vendors are
responding to customer complaints that they simply won’t deal with
so many agents.”

Security vendors such as McAfee have been consolidating many
features onto a single agent, and management-software makers, such
as BMC Software, have developed agentless variations of their
monitoring products. IBM and CA are working separately on a common
agent architecture across their products that lets customers install
just one agent to handle client and server tasks.


Agent overload

Forrester Research says three agents per desktop or server are
enough to stretch the limitations of systems administrators. The
firm estimates agent deployment, update and configuration could take
two to six hours per systems administrator.


Most  agree  that  software  agents  must  be 
installed  to  adequately  secure  endpoints,  but 
the  ideal  number  of  agents  required  on  each 
device  is  up  for  debate. 

According to Gartner Vice President John Pescatore, every endpoint
today typically has at least three types of agents installed: “anti
agents” (antispyware, antivirus and so forth);
vulnerability-management or patch-management agents, which scan
desktops to make sure they are configured appropriately; and systems
management agents from companies like BMC, CA, HP and IBM. The
latter type often causes the most “agent fatigue” among customers.

Even  with  Symantec  acquiring  BindView 
and  Altiris,  or  McAfee  picking  up  Citadel 
Security  Software,  customers  should  be 
aware  they  still  could  see  the  same  number 
of  agents  from  the  consolidated  vendor, 
Pescatore  says. 

“The ‘keep the bad guys out’ agents have to change whenever threats
change, but the configuration-management agents want nothing to
change, and if there is a change, they will push it back,” he says.
“The acquisitions are good but don’t always mean a single agent.
Combining these types of features can be just plain complicated from
an engineering standpoint.”

Others say the evolution of agent technology among security vendors
isn’t that much of a change. For instance, industry watchers argue
the tax on the endpoint isn’t much different whether you have six
small, simple agents, each performing a single function, or one
large agent performing six functions. Agents themselves are not the
root of the agent pollution issue, says IDC Vice President Charles
Kolodgy. Instead, problems arise when IT managers are ill-equipped
to manage numerous agents with various consoles, making the care and
feeding of agents a nightmare, he says.

“Agents  offer  value.  They  let  you  extend 
your  policy  outside  of  your  network  and 
control  activities  on  endpoints  no  matter 
where  they  are.  But  there  is  a  need  to  reduce 
the  complexity  of  agents,”  Kolodgy  says. 
“Security  is  great,  but  if  you  can’t  manage  it, 
it  lapses  over  time.  You  have  to  be  diligent 
and  vigilant  with  the  agents  that  are  required 
for  defense  in  depth.  Vendors  must  provide 
smart  management  with  their  agents.” 

When it comes to monitoring performance on endpoints, however, the
agent discussion takes a turn. Many argue that unless IT managers
want to be able to take actions on each client or server, there is
no need to place a pesky systems management agent on each device.
For instance, appliances from companies like Coradiant promise to
collect data from client devices without installing an agent.

“Management  vendors  offer  passive,  server- 
side  monitoring  and  active  testing  to  avoid 
putting  agents  on  devices,”  says  George 
Hamilton,  director  of  Yankee  Group’s 
enabling-technologies  enterprise  group. 
“Because  endpoints  are  changing  to  include 
handheld  devices,  vendors  know  that  an 
agent  on  each  device  is  not  feasible  in  the 
long  term,  so  some  vendors  like  Intel  are 
embedding  remote  monitoring  into  the 
hardware.” 

Others point out that as operating systems mature, more capabilities
will be embedded there to enable management without installing
agents. In addition, management vendors continue to work toward
standardizing agents across their products. ■

EarthLink races to deploy mega-municipal mesh


BY SONINA MATTEO

Philadelphia is well on its way to becoming one of the world’s
biggest Wi-Fi hot spots.

In May, after a 15-square-mile test zone passed muster, the city
gave EarthLink the green light to cover the entire 135-square-mile
city with a wireless mesh network by year-end.

EarthLink is moving full-speed ahead, adding Tropos Networks access
points to light poles around the city, testing and optimizing the
network, and building out coverage at a pace of 5,000 potential
households per workday. Today, coverage has expanded to 80% of the
city.

From a technology perspective, creating a full-blown mesh network
across an entire city — from parks to tourist attractions to
downtown skyscrapers to residential neighborhoods with brownstones
jammed together — presents quite a challenge.

“It was important for people to be mobile and treat the entire city
network as one large, unified network, so if they attached in one
place they could start surfing the Web and keep the connection even
if they went to another point across town,” says Jeb Linton,
director and chief architect for EarthLink.

“No system in the world had ever been able to scale to that level of
mobility in a Wi-Fi network,” Linton adds. “So we had a unique
architectural challenge to enable this.”

EarthLink is building out the network using Tropos 802.11b/g access
points, which connect to a complex backhaul system that uses
Motorola Canopy line-of-sight radios and Alvarion BreezeAccess VL
non-line-of-sight radios.

As with any project of this scale, problems have emerged and
original planning assumptions have had to be adjusted. For example,
EarthLink has had to double the number of access points per square
mile, from an original estimate of 20 to the current figure of 42,
to provide the requisite level of coverage. In addition, after the
access points are installed, there's a four- to six-week
optimization process designed to maximize coverage.

“We are using our tools to drive testing, and we use customer
feedback to improve coverage. We don't think we'll ever get to 100%
coverage, but we are very happy with 90% until technology, both on
our side and on the user's side, improves,” says Donald Berryman,
president of EarthLink Municipal Networks.

Even with 42 access points per square mile, customers who want
in-home or in-building coverage need a special, high-powered Wi-Fi
modem from Ruckus Wireless or PePLink. EarthLink sells or


Timeline: mesh madness

March 2004 — Dianah Neff, CIO of Philadelphia, presents Briefing Paper to Mayor John Street about a possible city-wide wireless system.

May 2004 — Mayor Street formally announces that the city of Philadelphia will be a wireless city.

June 2004 — Wi-Fi pilot study begins in Love Park Philadelphia.

August 2004 —

March 2005 — The Wireless Philadelphia non-profit organization is founded by Mayor Street (with 501c3 status).

April 2005 — The Wireless Philadelphia Executive Committee announces a plan to lay the foundation for Philadelphia as a Digital City. It also has a preliminary plan to make broadband affordable for every resident, business and visitor to the city.

May 2005 — Pilot study areas of at least one dozen hot spots provided by various sponsors.

October 2005 — EarthLink is formally selected to build, test and manage a 135-square mile Wi-Fi network in Philadelphia.

May 2006 — Philadelphia's City Council approves the initiation of the build-out of the “Proof of Concept” area by EarthLink.

July 2006 — Greg Goldman hired as CEO of Wireless Philadelphia.

December 2006 — EarthLink begins POC trials in North Philadelphia.


rents the units and offers them for free to customers who sign a one-year contract.

Despite the technical issues, EarthLink is confident it will be able to scale out mobile broadband across the city, as well as turn a profit on its $13.5 million investment. The city is excited about the potential benefits, which fall into several categories:

1. Economic. At the core of the project is the expectation of increased economic development through the availability of wireless Internet access, according to Philadelphia CIO Terry Phillis.

2. Tourism. “We hope for enhanced tourism opportunities and to have the whole city identified as a hot spot for anyone who would come here,” Phillis says.

3. Municipal use. The city foresees inspectors and other mobile city workers using the Wi-Fi network to communicate back to the office. “This technology is a perfect opportunity for them to use the Internet, with communication back to the centralized system, anyplace they go in the city,” says Varinia Robinson, the city's director of technology.

4. Web access for low-income families. 25,000 half-price accounts have been earmarked for welfare-to-work and low-income qualifying households. The basic retail price for the Wi-Fi broadband Internet service is about $20 per month, and Wireless Philadelphia, the nonprofit agency created to help administer the program, offers the service for $9.95 per month. “In some cases, the low-cost broadband access will be bundled with laptops and training paid for by community-based organizations,” says Wireless Philadelphia's CEO Greg Goldman.

5. Increased competition for residential broadband. EarthLink is challenging Verizon and Comcast in the residential broadband market, and city officials predict that this competition will bring rates down for everyone.

Network World plans to provide ongoing coverage of Philadelphia's ambitious Wi-Fi project. This story focuses on the buildout of the network, but future stories will cover how well the city is meeting the goals it has laid out. We’re also looking for feedback from residents, tourists and visitors to the city. If you'd like to share your wireless experiences, go to www.nwdocfinder.com/9822.


January 2007 — Build-out of the POC area in North Philadelphia is completed; Testing and Monitoring of this POC area officially begins.

March 2007 — Testing and results analysis completed in the POC area by EarthLink engineers and with local customers.

May 2007 — Wireless Philadelphia approves the Municipal Wi-Fi 15-square mile POC area. Build-out begins.

June 2007 — Philadelphia Wi-Fi coverage grows to 46.5 square miles. Approximately 500 qualified low-income working people are in line to receive free computers and service and support bundles.

July - August 2007 — EarthLink starts its “EarthLink Wi-Fi” marketing campaign, which will continue throughout the summer. Varied campaigns expected to continue into the fourth quarter.

Fall preview

September 2007 — Full market deployment of Philadelphia’s 135-mile citywide Wi-Fi network expected.

October - November 2007 — EarthLink to complete full market deployment testing/evaluation, and adjustments/optimization of the network.

December 2007 — Final acceptance of full market deployment by the city of Philadelphia and Wireless Philadelphia. All 135-square miles of the city to have coverage, including the 23 free zones and parks designated for free outdoor Internet access.


That’s how EarthLink rolls


Wireless  mesh  deployment  moves  at  rapid  pace,  despite  architectural  and 
topographical  challenges 


BY  SONINA  MATTEO 

Once Philadelphia gave EarthLink permission to move ahead with the citywide rollout, the ISP wasted no time. EarthLink had leased and built out towers so it could deploy nodes quickly once the proof of concept was approved.

Crews were dispatched to accelerate the installation of access points on light poles. The Philadelphia Streets Department preinspects light poles for the access points’ usage and approves the selection of poles; then EarthLink deploys the Tropos Networks units and goes through an optimization process, and the city does a final inspection for safety and mounting.

Within 15 days of getting the green light, EarthLink had doubled network coverage to 30 square miles. Today 80% of the city is covered, and EarthLink plans to have all 135 square miles blanketed with wireless signal by the end of September. Additional network optimization has to be completed, and EarthLink expects to get the city’s official acceptance by year-end.

EarthLink is building a layered network that starts with the Wi-Fi mesh at the street level that the company says will deliver 1M to 3Mbps data rates to customers. The Tropos 802.11b/g access points contain built-in routers and use point-to-multipoint radios. That creates the mesh, says Jeb Linton, director and chief architect for EarthLink. The Tropos units dynamically select the best wireless channel to avoid congestion and interference.

At the backhaul or capacity injection layer, data is fed into the mesh at rates of 20M to 50Mbps by Motorola Canopy radios and Alvarion VL radios on the tops of buildings and towers. In some areas of this first layer of


Philadelphia — One giant Wi-Fi hot spot

… will soon be the first “large” city in the United States to offer Wi-Fi Internet service … of the system, is using wireless routers to cre…

[Map: Northeast Philadelphia]

The Wi-Fi network will consist of approximately 5,670 nodes, most of them mounted on light poles, to form a mesh pattern that will transform Philadelphia into one giant 135-mile hot spot.


the backhaul system, EarthLink is running fiber.

The tower tops are connected by either fiber optics or line-of-sight microwave communication at 200Mbps-to-1Gbps data transfer rates.

EarthLink already has a major point of presence (POP) in Philadelphia, which connects to the ISP’s national backbone network. The local POP contains the service gateway, which manages every user session and all details of the user experience.

In addition, Philadelphia’s wireless network was required to adhere to an open-access design. EarthLink deployed a back-end authentication system that lets subscribers from other service providers be on the network, and lets those service providers control or manage their subscribers. According to EarthLink, this is done via Radius Proxy Services.

EarthLink also will invest resources in keeping the Philadelphia Wi-Fi mesh network running smoothly.

Tasks associated with support of the network include:



EarthLink’s multi-layered architecture

EarthLink is building out the network using multiple layers in order to provide blanket coverage of the city.

Access Layer: provides blanket connectivity across the coverage area to all user types and services.

Mesh Layer: distributes data to non-gateway Wi-Fi nodes with no direct link.

Capacity Injection Layer: Wi-Fi gateway nodes attach through (mostly) wireless links up to towers.

Wi-Fi inside/out

For in-home coverage users need a more powerful CPE device (customer premise equipment/Wi-Fi modem) attached to their laptop in order to access a signal. EarthLink provides the modem when someone subscribes to the service for one year.


• Ongoing upgrades and new Wi-Fi releases: Because Wi-Fi is a relatively new and improving technology, the standards body comes out with new releases regularly. In addition, damaged nodes need to be replaced.

• Installation. EarthLink has contracts with installers and bucket truck operators that do the electrical and mechanical work at the sites.

• Capacity analysis. EarthLink has a staff on a national level that does ongoing capacity analysis. Links are monitored on every piece of equipment across the country and on all the Wi-Fi networks EarthLink runs. Alarms go off when capacity limits are reached. This lets the WAN planning team know when an upgrade to a circuit is needed or an additional circuit is needed to supplement the bandwidth.

• Network management. The Tropos Element Management System and EarthLink’s customized Central Network Management system are managed by teams in Atlanta and Pasadena, Calif. Call center workers also have a view of the network through these systems.

• Support. Technical support, call centers and customer support are separate functions within EarthLink. There is an escalation path and different tiers of support. Problems affecting multiple customers in one zone or sector get escalated to the nearest technical-support team that can do radio readings and talk to the customers directly. Philadelphia does not have a call center.


To access the network outdoors, users can connect to the Internet using 802.11b/g compliant wireless interface adapters (cards), but they will need to sign on at EarthLink's landing page first and create a user account.

Backhaul Layer: connects towers using wireless Point-to-Point and fiber links.

Cheese steak, Liberty Bell, Wi-Fi

EarthLink’s  marketing  campaign  targets  residents,  businesses,  tourists 


BY  SONINA  MATTEO 

EarthLink is investing an estimated $13.5 million to build out Philadelphia’s Wi-Fi network. The company is also paying revenue-sharing fees to the nonprofit agency Wireless Philadelphia to support the city’s efforts to provide low-cost Internet access for low-income users.

Will EarthLink recoup this investment? According to Thomas Cooper, general manager at EarthLink Municipal Networks in Philadelphia, the company is counting on signing up as many residential and business customers as possible.

“We have several interesting strategies to get us on the right path and to hit our penetration targets. There’s going to be a large push for us in the Philadelphia marketplace this summer,” Cooper says.

Cooper adds that the marketing message “revolves around how the service is used at home, but the added value is that it can be taken with you. It has mobile value. It can be used in almost all public and private spaces in the city.”

Customers can sample the service without having to sign a long-term contract. EarthLink is offering a one-hour pass for $3.95, a one-day pass for $7.95, and a three-day pass for $17.95. One month of service is $19.99. The one- and three-day passes will target tourists and occasional visitors to the city from the suburbs.

According to Gartner analyst Phil Redman, the value of mobility may be limited to a small number of customers. “I don’t think that’s going to be enough differentiation,” Redman says. “Not everyone cares about mobility in these markets. You also need to look at PC and notebook penetration in many inner cities, and that is rather low — so basically EarthLink and incumbents are going after the same market with similar pricing.”

Redman adds, “I think generally cities that target specific areas and zones for wireless coverage will be successful, and if they look at it more for adoption by small and medium-sized businesses, individuals and the municipal workforce at a low-price point, that it will be successful.”

For Esme Voz, founder of MuniWireless, the question is more about what cities will use it for, beyond Internet access. “If they spend money on the network, or get a provider like EarthLink to spend money, and all they use it for is Internet access, it’s a waste of everyone’s money. If they use it to save money on telecommunications, make the municipal workforce more efficient and deliver better services to residents through the Wi-Fi network, then it’s not a waste of time and money.”

In terms of EarthLink’s long-term goals, Cooper says, “We would like to see 40% to 45% of the residential homes become customers, and the rest be government, business and occasional use.”


EarthLink will have to compete against incumbents Verizon and Comcast for that broadband dollar, however. Less than half of the 600,000 households in the city have Internet access, so there’s plenty of growth potential. And EarthLink’s $20 Wi-Fi service is less expensive than Comcast Cable, at $33 per month, and Verizon’s DSL service, at about $34 per month.

Verizon is fighting back with a promotional offer of 768Kbps service for $14.99 a month for the first year, or 3Mbps service for $19.99 a month for the first six months.

“That’s the good thing about it,” Voz says. “The cities are using municipal Wi-Fi to create a more competitive market, and if this happens, then the cities have achieved their goal. The U.S. has a broadband duopoly, and that is driving cities to create a more competitive atmosphere.”

Another possible revenue source for EarthLink is the wholesale or reseller channel. Under the terms of its agreement with the city, EarthLink is required to provide the Wi-Fi network as an access layer for other service providers. Reseller or wholesale agreements have been signed with DirectTV, PeoplePC, Vonage and Drexel University. In June, EarthLink also signed an agreement with GetConnected, a commerce-engine provider that will let merchants sell directly from a kiosk or cash register and activate EarthLink Wi-Fi orders at the point of sale.




Philly pushes for low-cost Wi-Fi for its poorest residents

City  sees  Web  access  as  important  educational  and  economic  tool 


BY  SONINA  MATTEO 

Of Philadelphia’s 1.5 million residents, 23% live below the national poverty threshold. The city over the years has tried numerous initiatives and programs that support improvements in education, employment, health and other life opportunities.

Its latest effort is Wireless Philadelphia, a nonprofit organization started by Philadelphia Mayor John Street’s office in 2005. The initiative’s mission is to help Philadelphia neighborhoods gain high-speed Internet access through an affordable digital-inclusion program that helps economically disadvantaged citizens — as well as businesses, schools and community organizations that are not online — get connected with hardware, software, technical support and training, and wireless broadband Internet service.

“We have learned through research that a lack of Internet technology is the basis for the digital divide. We don’t expect Internet access alone to be the panacea for all the social problems and challenges that the city faces as we look to the future. But by the same token, we know that people depend on access to information and employment opportunities and educational options in today’s world,” says Greg Goldman, Wireless Philadelphia’s CEO.

“This technology has huge potential to really level the playing field in Philadelphia. With access to technology [people] have more options and access to more content,” says Sallie A. Glickman, CEO of the Philadelphia Workforce Investment Board, an organization that released a study earlier this year about the state of the city’s workforce. “Technology is a great leveler; especially with content for distance learning now available, skills could be delivered through the Internet,” she says.

The study found that although educated workers are driving Philadelphia’s renaissance, 60% of the city’s adult population have low levels of literacy, and more than 80,000 residents between the ages of 25 and 45 have enrolled in a college but never graduated. In addition, according to the report, a significant portion of Philadelphia’s population is isolated geographically from work locations and can’t access the online educational and employment resources that could connect them to a job.

“There is not one solution or one group that owns the solution, but clearly, with Wireless Philadelphia [a solution] is more possible. [The technology] provides a host of potential,” Glickman says.

Wireless Philadelphia has been given 25,000 half-price accounts earmarked for households that qualify for welfare-to-work programs and other low-income households. The basic retail price is about $20 per month, but the organization offers the service to its target customers for $9.95 per month.

At the outset, Wireless Philadelphia provides supplemental training, administered through its community partners, to teach people how to use the Internet to its maximum potential.

Orientation and training take place when residents sign up through such groups as the community-based Employment, Advancement and Retention Network (EARN) centers or the Philadelphia Workforce Development Corporation, which are part of the city’s welfare-to-work program. The training is a standard program offered by one of Wireless Philadelphia’s partners. Technical support from EarthLink, the program’s ISP, is available for Wireless Philadelphia customers.

EARN centers, which handle case management, job placement and other services to help welfare clients become self-sufficient, are picking up the monthly tab for some residents (on an incentive basis). In addition, Wireless Philadelphia partners are picking up the bill for a package that includes a refurbished laptop, one year of Internet access, and technical support and training. Five welfare-to-work clients received this bundle on June 14.

The  Wireless  Philadelphia  business  model 

By  the  end  of  fiscal  year  2007,  Wireless 
Philadelphia  will  have  raised  more  than 
$500,000  from  public  agencies,  foundations, 
other  nonprofits  and  individuals. 

Revenue from the half-price Internet-access accounts goes directly to EarthLink, but Wireless Philadelphia will receive a 5% share of the revenue from all EarthLink accounts starting in the third year of the program. In the program’s first two years, Wireless Philadelphia is receiving $1 million per year in operational support.


Matteo is an independent wireless/mobile technology writer in Lumberton, N.J. She can be reached at soninamatteo@tech-researchservices.com.

Go online to see video from the streets of Philadelphia.

www.nwdocfinder.com/982S


NEWS  ANALYSIS 


Bi-coastal  disaster  recovery 

Two  schools  are  building  similar  virtualized  infrastructures  to  mirror  key 
systems  for  one  another  in  case  disaster  strikes.  Initially,  they  are 
replicating  emergency  Web-site  and  e-mail  services,  with  other 
applications  to  follow  later  this  year. 




Recovery 

continued  from  page  1 

their  own  logical  data  center,  one  situated  on 
the  other  side  of  the  United  States. 

A recent study (www.nwdocfinder.com/9854) found that almost 30% of businesses are completely unprepared for disasters or crippling emergencies.

The first step has been to run each other’s emergency Web site, Exchange e-mail and DNS servers. This summer and fall, both schools plan to roll out other virtual servers (see graphic). These new servers will support replication of Microsoft Active Directory, programs such as NTI Group’s Connect-ED (www.nwdocfinder.com/9855), which can record an emergency voice message and distribute it via e-mail, cell phone, paging, instant messaging and other media; and enterprise applications, such as learning management systems, payroll and student-information systems.

“This is a dandy example of how to do things properly,” says Michael Karp, senior analyst for Enterprise Management Associates, a technology research company in Boulder, Colo. Karp covers storage issues and has been advocating cooperative disaster recovery, especially for small businesses. “The IT issues are the same for both institutions, around privacy, data availability, records management and all those nitty-gritty details. And it will cost LMU about the same amount to supervise as it will cost Bowdoin, because they have the same infrastructure.”

Keeping  costs  low 

So far, the initial work has been fairly inexpensive, according to numbers compiled by the schools: about $35,000 from June 2006 to June 2007 for each institution, mainly in staff time of about 15 to 20 hours per month. That includes a couple of cross-country plane trips for selected IT staff from both schools. The schools are projecting about $54,000 more in spending for each institution, for blade servers, a terabyte of network storage, software licenses, new applications, labor and other expenses. That compares with an estimated $100,000 per month, or $1.2 million per year, for a commercially hosted disaster-recovery hot site, according to figures from the two schools. That adds up to an ROI of more than $1.1 million yearly.

Although there have been earlier efforts at disaster-recovery collaboration, none seems to have the ambition of the Bowdoin-LMU project. Two small neighboring Massachusetts colleges, Babson and Franklin W. Olin College of Engineering, have been sharing (www.nwdocfinder.com/9856) off-site storage and tape backup. In the wake of the devastating 2005 hurricane season, spearheaded by colleges and universities in the Gulf region, more institutions have been trying to add long-distance into their disaster-recovery plans (www.nwdocfinder.com/9857).


The  two  schools  can’t  get  much  farther 
apart  in  distance  and  culture:  Bowdoin  has 
about  1,700  students  in  rural  Maine.  LMU 
has  about  8,700  students  in  urban 
California.  Yet  the  differences  have  proven 
to  be  complementary  strengths  rather  than 
stumbling  blocks. 

The seed for the idea germinated a few summers ago when the schools’ CIOs — Mitch Davis at Bowdoin and Erin Griffin at LMU — first met at an academic computing conference. At a session on disaster recovery, Davis argued that smaller institutions could sidestep the crippling costs of disaster recovery by working together.

“We just started putting together how we could do this,” Griffin says. “We were kind of ‘skunk-working’ it for a while, because it didn’t have the sex appeal of other projects. Until after Katrina.”

Planning and decision making started in
earnest in summer of 2006. The initial decision
to use VMware as a foundation was quickly followed
by other infrastructure choices needed
to support the initial round of essential services,
from DNS hosting to VoIP. “That is a pretty
huge undertaking right there,” Griffin says.

Bad  first  impressions 

“It seemed really daunting when we first
started,” says Dan Cooke, LMU’s director of systems
administration. “But as we worked
together, it started seeming much more tangible
and realistic.”

One reason was the quick realization that
each school brought expertise that could
benefit the other in deploying new products
and technologies. “They had not done anything
with virtualization at all,” recalls Tim
Antonowicz, systems engineer at Bowdoin.
“We were over 70% virtualized
(www.nwdocfinder.com/9858) at the time. I flew out to
California to get their feet wet with VMware.
Now, they’re almost as involved [with it] as
we are.”

When Bowdoin switched over to Exchange
e-mail so the schools would have
similar e-mail infrastructures, LMU staffers
were their guides and advisers. “We implemented
that pretty quickly,” Davis says.
“When we launched Exchange, we had just
eight calls to our help desk.”

The shared experience of the infrastructure
components then forms a kind of informal
help desk, where managers and staff can
reach out for advice, brainstorm and troubleshoot
problems with their colleagues a
continent away. “I can send an instant message
to Dan and say, ‘Have you seen this
[problem]?’ and he IMs back, ‘We saw this
three weeks ago, and here’s what we did,’”
Antonowicz says. More formally, teams from
both schools meet every Tuesday via videoconference
to review the project, identify
problems and plan the next steps. The discussions
and decisions are recorded for later
viewing by others.

“It’s about developing a relationship, more
than a business agreement,” Davis says.
Relationship-building was vital in overcoming what
he sees as the main obstacles in the project:
fear and potential distrust. “All of a sudden, stuff is
moving off your campus and out of your control,”
he says.

There is friction at times, often over speed of
implementation and priorities, Davis says. “Erin
wanted a particular project done right away,”

See  Recovery,  page  44 
Compliance

continued from page 10

exchange’s vice president of quality assurance.
“Accume is the internal auditor, and they’re
here all the time,” he says, explaining that the
stock exchange builds its regulatory compliance
around the COBIT framework. “We have a
timeline of events, and I’m the liaison.”

About once a month, the IT audit process
starts up afresh, examining whether such
processes as patch management and vulnerability
assessment are in place. Internal auditors
are valuable “because you can be so close to a
process every day you can miss a hole that was
created,” Donnelly says. “So you need them. I
want to know if there’s a problem so it can be
fixed.”

Donnelly says auditors seeking to make a
determination about compliance often want
to know everything they can about an IT project,
from the first requirements to the final
installation. Automating change-control processes
in software can be helpful, he notes,
adding that his department has used Serena
Software’s TeamTrack for application life-cycle
management.

Regulatory  soup 

That’s just SOX, however. There are an almost
untold number of other regulations, such as
the Gramm-Leach-Bliley Act for financial-data
privacy and California’s Senate Bill 1386, which
has had an outsized impact that extends far
beyond California in propelling companies to
disclose data breaches publicly.

Making  the  grade  in  regulatory  compliance 
is  something  the  Fairfax  County  Public  School 
district  in  Virginia  is  expected  to  do. 

For Ted Davis, the district’s director of enterprise
information services, the two regulations
that figure most prominently are the Family
Educational Rights and Privacy Act (FERPA)
and the Health Insurance Portability and
Accountability Act (HIPAA).

“FERPA is the primary federal regulation concerning
student records, and who has access
to these records and can see them,” Davis says.
HIPAA is the federal regulation that mandates
privacy and security of medical records.

HIPAA  is  relevant  to  the  Fairfax  school  system 
because  it  provides  medical  assistance  — 
such  as  therapy  and  emergency  care,  when 
necessary  —  to  the  164,000  students  in  the 
county’s  200  schools. 

One of the main reasons Fairfax began planning
for automated user provisioning and password
management five years ago — the $1 million
project based on Novell’s identity-manager
software began its rollout this spring — was
to help meet FERPA and HIPAA requirements
for data privacy, access control and auditing.
“This should reduce our risks and be much
more manageable and less cumbersome than
our old, manual system,” Davis says.

HIPAA is a top concern for Mike Lecuyer,
enterprise network systems and security systems
compliance engineer at insurance provider
Blue Cross Blue Shield of Massachusetts.

“Some of the compliance called for in
HIPAA is vague, but you need certain controls,
such as audit controls,” Lecuyer says.
He adds that he favors automating compliance
reports and monitoring where it
seems feasible, and to that end his organization’s
servers run software-based access-control
templates from NetIQ that monitor
for password changes and enforce the
access controls called for by HIPAA. “I think
you’ve got to automate this,” Lecuyer says.


Try  something  new 

Many banks say they’ve been spurred to
make certain security changes because of regulation,
particularly the Authentication in a
Banking Environment guidelines that took
effect this year. The guidelines were issued by
the Federal Financial Institution Examination
Council (FFIEC), a multiagency group representing
the Federal Reserve System, the Federal
Deposit Insurance Corp. and other institutions.
They compel banks to use more than just simple
passwords in online banking and funds
transfer for customers. The FFIEC is giving
banks leeway this year to try a variety of
approaches.

To meet this new regulatory demand, Old
National Banc, a $8.2 billion bank in Evansville,
Ill., with online services, has distributed
Vasco Data Security’s dynamic-password
tokens to business customers for two-factor
authentication. Old National also has added
Corillian Security’s Intelligent Authentication
service for identifying online customers
through combined factors, such as IP address,
time of day and browser setting. It also offers
users an authentication of the validity of the
bank’s site through a visual-identification
process.

These changes were carried out largely “to
meet the FFIEC guidelines,” says Becky Sandgren,
assistant vice president and senior project
manager in the bank’s ebusiness division.

In  some  instances,  the  use  of  technology 
products  and  services  is  strictly  overseen  by 
government  regulators  in  the  United  States  and 
abroad,  who  set  standards  for  data-use,  storage 
and  transfer  policies. 

At airline carrier Air Canada, for example,
Canada’s data-privacy regulations prohibit storing
airport public-area camera feeds, although
camera feeds in private facilities can be stored,
says Thor Hoff, IT infrastructure project manager
at Air Canada’s Toronto operations center.
“Any video monitoring in public areas is
always done in real time,” says Hoff. “We have to
follow government regulations.”
Recovery

continued from page 42

he says. “For us, it sits on the next stage below.
We’ve had some strong talk about doing this
faster. She has a project manager who’s always
telling us, ‘You have to get moving on this.’ And
that’s not a bad thing.”

“This is not something that pops up and happens,”
Davis says. “It seems kind of organic [in
development], but everyone was thinking
about how to make things better for the client
[the other school] and optimize it to be easier
for IT to support.”

Davis and Griffin see this project as a template
for future cooperation, and not just in
higher education. “We’re building a methodology
for approaching other collaborative IT
projects,” Griffin says. “That outcome is as important
as the hot site itself.”
Patrick J. McGovern, Chairman of the Board
Bob Carrigan, President, IDG Communications

Network World is a publication of IDG, the world's largest
publisher of computer-related information and the leading
global provider of information services on information
technology. IDG publishes over 300 computer publications
in 85 countries. One hundred million people read
one or more IDG publications each month. Network
World contributes to the IDG News Service, offering the
latest on domestic and international computer news.


Making Nicky proud

BACKSPIN
Mark Gibbs

Last week I discussed IT in terms of a
pack of dogs. But, as I concluded, most of
us are not animals, so getting ahead in IT
is actually a little more complicated than the
dynamics of a canine hierarchy. Of course, in
some companies, that’s only slightly more
complicated . . .

How do you get ahead in IT? The traditional
answer is that you need to put your
nose to the grindstone, your shoulder to the wheel and “give 110%!”
What utter crap.

This “all for the company” line has become the mantra of the high-tech
business. “Want to get ahead? Give up your life!
Eat, sleep and breathe your job! Your reward will
come in the fullness of time! And here, have a foosball
table and free food while you wait!” Yum.
Nothing like gourmet pizza and free Evian to make
up for no life.

Nope, if you’re smart, and you want to really get
ahead, consider the thinking of Niccolo di Bernardo dei Machiavelli
(1469 to 1527), who was, among many other skills, the first modern
political philosopher.

Politics is often referred to as the second-oldest profession or “the art
of the possible.” Nicky (as his friends, if he had any, probably never
called him) realized that human nature means that success in politics
is predicated upon the effective manipulation of circumstances.

Now many people think that Mac (which I also doubt that people
called him) was a bit of a bastard, but the truth is that he was a realist.
For example, he didn’t simply argue, as is often supposed, that the
ends always justify the means — he said that the only ends that were
justified were those that resulted in stability. If those ends are
achieved, whatever means you use are OK.

So if you want to get ahead in IT, I suggest that whatever power
plays you make must result in solutions that support and, ideally,
actually further the organization — that’s what stability means in
business — continuance and growth. But given that all organizations
are intrinsically dynamic, your opportunity lies in being the guy who
solves the problems of dynamism so that business can carry on as
desired, if not as planned.

Here’s where your boss could well be going wrong. In any sizable
organization his responsibilities will have grown to the point where he
tends to avoid the possible in favor of the known. That’s your opportunity.
When he resists anything novel, you establish a
case and make it known to all and sundry that you
are experimenting before he can shut you down. If
you come up trumps (which you will, because you
planned it that way, didn’t you?), you’ll be The Man.
You, of course, will hand him the glory but you’ll also
make absolutely sure that everyone knows when it
happens that you were the guy who made it happen.

Does this seem devious? Perhaps you should consider it in terms
of working for the greater good. If your boss isn’t going to drive the
corporate IT bus, and you don’t take action, you are risking the
effectiveness and therefore the viability of the organization. You
owe it to everyone, including yourself, to take charge. Nicky would
be proud of you.

Gibbs plots and schemes from Ventura, Calif. If you want to know
more about his machinations, go to www.gibbs.com/mgbio. He can be
reached at backspin@gibbs.com.
News, Insights, oddities

E-mail etiquette: Thanks or no thanks?

This is a minor matter, obviously, so if
you’re busy I’d suggest you move on.
Here’s the setup, which happens to
almost all of us, almost every day: A colleague
or business associate has answered your routine
e-mail request with his or her equally
routine answer (let’s say you asked for a budget
number).

Your original request included the requisite
“please” and “thank you,” because, well, you
weren’t raised by wolves. Moments later a reply arrives, and it provides
the information you sought; nothing more, nothing less.

Do you in turn send what we’re going to call here “the unadorned
thanks?” In other words, do you — as many do — reply with only the
word “thanks”. (Again, for the sake of this discussion, we’re presuming
you have nothing else to say.)

If your answer is “of course I do, you rube,” then you are probably living
unaware that the unadorned thanks is considered by some to be
gratuitous, at best — remember, you already wrote “thanks” — and at
worst, an annoying waste of everyone’s time, most notably mine.

What’s the beef? Allow me an all-too-familiar example to illustrate:
Public relations professionals are constantly subjecting me to the
unadorned thanks. They’ll send a story pitch complete with a pre-thank
you. I’ll answer, “no, thanks.” And, almost before I can return my
attention to whatever task it had been ripped from to reply, I’ll see the
PR pro’s next message hit my in-box.

Just delete it, you say?

No can do. I just can’t be certain that it’s another unadorned thanks
— even though I’d bet the mortgage money — and I’ve already committed
to this conversation, so deleting the reply to my reply
unopened seems rude. (No, I don’t use the preview pane.)

So I click on the e-mail, curse yet another unadorned thanks and
vow solemnly never to write a word about the sender’s client, at least
not a positive word.

I know I’m not alone on this one. Of course, there are those who
will argue that I’m a nit-picking curmudgeon (not the first time).
Yet others will argue that you can never be too rich, too thin or
too polite.

Some of the latter were on my case last week at Buzzblog
(www.nwdocfinder.com/9824).

“You may not be alone, but you should be,” writes one fellow who is
clearly quite irked by my complaint. “It is simply pathetic how common
courtesy has been literally forced out the door by people who
are ‘too busy’ or ‘can’t waste the time’ to accept the ‘thank you’ message
as what it really is — a thank you.”

He’s just warming to the task.

“So, you get an extraneous e-mail. How much does it cost? In your
‘wasted’ time, pennies. In terms of the amount of e-mail going over
the wire, less. In terms of good will on the behalf of the sender, possibly
priceless.”

Done? Oh, not by a long shot.

“If you want to be a curmudgeon, be one. I believe we have another
name for it, but I’m pretty certain you have readers that are sensitive
to such language. Just please don’t expect the rest of the world
to be the same.”

What other name might he have in mind?

There’s plenty of discussion about this topic on the blog — including
that man’s unabridged umbrage — as well as poll results that
show a radical divergence of opinion.

Thanks.

Need a more direct channel? Try buzz@nww.com.